This run took 63 seconds.
From decb063f835ef6a28d917f6c54e5e990e9209983 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 27 Mar 2026 12:47:58 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* picomatch: 2.3.1, 4.0.3 → 2.3.2, 4.0.4
* https://github.com/advisories/GHSA-3v7f-55p6-f55p
* https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
* yaml: 2.4.1 → 2.8.3
* https://github.com/advisories/GHSA-48c2-rrv3-qjmp
Change-Id: I43e362d0f3a61e6ee411c083e73ca930c38d23b6
---
package-lock.json | 97 ++++++++++++++++++++++++-----------------------
1 file changed, 50 insertions(+), 47 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 04f0746..9e5f8c9 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -486,9 +486,9 @@
}
},
"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
- "version": "5.0.3",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.3.tgz",
- "integrity": "sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==",
+ "version": "5.0.5",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
+ "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
"dev": true,
"dependencies": {
"balanced-match": "^4.0.2"
@@ -818,9 +818,9 @@
"dev": true
},
"node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
"dependencies": {
"balanced-match": "^1.0.0",
@@ -1929,19 +1929,19 @@
}
},
"node_modules/eslint-plugin-unicorn/node_modules/@eslint/eslintrc": {
- "version": "3.3.3",
- "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.3.tgz",
- "integrity": "sha512-Kr+LPIUVKz2qkx1HAMH8q1q6azbqBAsXJUxBl/ODDuVPX45Z9DfwB8tPjTi6nNZ8BuM3nbJxC5zCAg5elnBUTQ==",
+ "version": "3.3.5",
+ "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.5.tgz",
+ "integrity": "sha512-4IlJx0X0qftVsN5E+/vGujTRIFtwuLbNsVUe7TO6zYPDR1O6nFwvwhIKEKSrl6dZchmYBITazxKoUYOjdtjlRg==",
"dev": true,
"dependencies": {
- "ajv": "^6.12.4",
+ "ajv": "^6.14.0",
"debug": "^4.3.2",
"espree": "^10.0.1",
"globals": "^14.0.0",
"ignore": "^5.2.0",
"import-fresh": "^3.2.1",
"js-yaml": "^4.1.1",
- "minimatch": "^3.1.2",
+ "minimatch": "^3.1.5",
"strip-json-comments": "^3.1.1"
},
"engines": {
@@ -3666,9 +3666,9 @@
"dev": true
},
"node_modules/picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true,
"engines": {
"node": ">=8.6"
@@ -4528,9 +4528,9 @@
}
},
"node_modules/tinyglobby/node_modules/picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true,
"engines": {
"node": ">=12"
@@ -4598,9 +4598,9 @@
}
},
"node_modules/ts-declaration-location/node_modules/picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true,
"engines": {
"node": ">=12"
@@ -4872,15 +4872,18 @@
"dev": true
},
"node_modules/yaml": {
- "version": "2.4.1",
- "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.4.1.tgz",
- "integrity": "sha512-pIXzoImaqmfOrL7teGUBt/T7ZDnyeGBWyXQBvOVhLkWLN37GXv8NMLK406UY6dS51JfcQHsmcW5cJ441bHg6Lg==",
+ "version": "2.8.3",
+ "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz",
+ "integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==",
"dev": true,
"bin": {
"yaml": "bin.mjs"
},
"engines": {
- "node": ">= 14"
+ "node": ">= 14.6"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/eemeli"
}
},
"node_modules/yaml-eslint-parser": {
@@ -5347,9 +5350,9 @@
"dev": true
},
"brace-expansion": {
- "version": "5.0.3",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.3.tgz",
- "integrity": "sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==",
+ "version": "5.0.5",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
+ "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
"dev": true,
"requires": {
"balanced-match": "^4.0.2"
@@ -5590,9 +5593,9 @@
"dev": true
},
"brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
"requires": {
"balanced-match": "^1.0.0",
@@ -6424,19 +6427,19 @@
},
"dependencies": {
"@eslint/eslintrc": {
- "version": "3.3.3",
- "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.3.tgz",
- "integrity": "sha512-Kr+LPIUVKz2qkx1HAMH8q1q6azbqBAsXJUxBl/ODDuVPX45Z9DfwB8tPjTi6nNZ8BuM3nbJxC5zCAg5elnBUTQ==",
+ "version": "3.3.5",
+ "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.5.tgz",
+ "integrity": "sha512-4IlJx0X0qftVsN5E+/vGujTRIFtwuLbNsVUe7TO6zYPDR1O6nFwvwhIKEKSrl6dZchmYBITazxKoUYOjdtjlRg==",
"dev": true,
"requires": {
- "ajv": "^6.12.4",
+ "ajv": "^6.14.0",
"debug": "^4.3.2",
"espree": "^10.0.1",
"globals": "^14.0.0",
"ignore": "^5.2.0",
"import-fresh": "^3.2.1",
"js-yaml": "^4.1.1",
- "minimatch": "^3.1.2",
+ "minimatch": "^3.1.5",
"strip-json-comments": "^3.1.1"
}
},
@@ -7653,9 +7656,9 @@
"dev": true
},
"picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true
},
"pluralize": {
@@ -8277,9 +8280,9 @@
"requires": {}
},
"picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true
}
}
@@ -8319,9 +8322,9 @@
},
"dependencies": {
"picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true
}
}
@@ -8510,9 +8513,9 @@
"dev": true
},
"yaml": {
- "version": "2.4.1",
- "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.4.1.tgz",
- "integrity": "sha512-pIXzoImaqmfOrL7teGUBt/T7ZDnyeGBWyXQBvOVhLkWLN37GXv8NMLK406UY6dS51JfcQHsmcW5cJ441bHg6Lg==",
+ "version": "2.8.3",
+ "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz",
+ "integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==",
"dev": true
},
"yaml-eslint-parser": {
--
2.47.3
$ date
--- stdout ---
Fri Mar 27 12:47:11 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-services-parsoid.git /src/repo --depth=1 -b REL1_44
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_44
--- stdout ---
6b192c784e694555c6562be2e1aa59ad6beec8d1 refs/heads/REL1_44
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@eslint/eslintrc": {
"name": "@eslint/eslintrc",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"eslint",
"eslint-plugin-unicorn"
],
"range": "0.0.1 || >=0.1.1",
"nodes": [
"node_modules/@eslint/eslintrc",
"node_modules/eslint-plugin-unicorn/node_modules/@eslint/eslintrc"
],
"fixAvailable": {
"name": "eslint",
"version": "10.1.0",
"isSemVerMajor": true
}
},
"@humanwhocodes/config-array": {
"name": "@humanwhocodes/config-array",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"eslint"
],
"range": "*",
"nodes": [
"node_modules/@humanwhocodes/config-array"
],
"fixAvailable": {
"name": "eslint",
"version": "10.1.0",
"isSemVerMajor": true
}
},
"brace-expansion": {
"name": "brace-expansion",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115432,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<5.0.5"
}
],
"effects": [
"minimatch"
],
"range": "<5.0.5",
"nodes": [
"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion",
"node_modules/brace-expansion"
],
"fixAvailable": {
"name": "eslint",
"version": "10.1.0",
"isSemVerMajor": true
}
},
"diff": {
"name": "diff",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1112705,
"name": "diff",
"dependency": "diff",
"title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
"url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx",
"severity": "low",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.2.2"
}
],
"effects": [],
"range": "5.0.0 - 5.2.1",
"nodes": [
"node_modules/diff"
],
"fixAvailable": true
},
"eslint": {
"name": "eslint",
"severity": "moderate",
"isDirect": true,
"via": [
"@eslint/eslintrc",
"@humanwhocodes/config-array",
"minimatch"
],
"effects": [
"eslint-config-wikimedia",
"eslint-plugin-jest",
"eslint-plugin-jsdoc",
"eslint-plugin-vue"
],
"range": "0.12.0 - 2.0.0-rc.1 || 4.1.0 - 10.0.0-rc.2",
"nodes": [
"node_modules/eslint"
],
"fixAvailable": {
"name": "eslint",
"version": "10.1.0",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint",
"eslint-plugin-jest",
"eslint-plugin-jsdoc",
"eslint-plugin-unicorn",
"eslint-plugin-vue"
],
"effects": [],
"range": ">=0.9.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-jest": {
"name": "eslint-plugin-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "25.0.1 - 29.12.2",
"nodes": [
"node_modules/eslint-plugin-jest"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-jsdoc": {
"name": "eslint-plugin-jsdoc",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "8.4.4 - 62.6.1",
"nodes": [
"node_modules/eslint-plugin-jsdoc"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-unicorn": {
"name": "eslint-plugin-unicorn",
"severity": "moderate",
"isDirect": false,
"via": [
"@eslint/eslintrc"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "50.0.0 - 54.0.0",
"nodes": [
"node_modules/eslint-plugin-unicorn"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-vue": {
"name": "eslint-plugin-vue",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "5.0.0-beta.0 - 10.7.0",
"nodes": [
"node_modules/eslint-plugin-vue"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"form-data": {
"name": "form-data",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1109540,
"name": "form-data",
"dependency": "form-data",
"title": "form-data uses unsafe random function in form-data for choosing boundary",
"url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
"severity": "critical",
"cwe": [
"CWE-330"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<2.5.4"
}
],
"effects": [
"request"
],
"range": "<2.5.4",
"nodes": [
"node_modules/form-data"
],
"fixAvailable": false
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1112715,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.1.1"
}
],
"effects": [
"mocha"
],
"range": "4.0.0 - 4.1.0",
"nodes": [
"node_modules/mocha/node_modules/js-yaml"
],
"fixAvailable": false
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096485,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS vulnerability",
"url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.5"
},
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
"brace-expansion"
],
"effects": [
"@eslint/eslintrc",
"@humanwhocodes/config-array",
"eslint",
"mocha"
],
"range": "<=10.0.2",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/minimatch",
"node_modules/@humanwhocodes/config-array/node_modules/minimatch",
"node_modules/eslint-plugin-unicorn/node_modules/minimatch",
"node_modules/eslint/node_modules/minimatch",
"node_modules/minimatch"
],
"fixAvailable": {
"name": "eslint",
"version": "10.1.0",
"isSemVerMajor": true
}
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": true,
"via": [
"diff",
"js-yaml",
"minimatch",
"nanoid",
"serialize-javascript"
],
"effects": [],
"range": "5.1.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": false
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109563,
"name": "nanoid",
"dependency": "nanoid",
"title": "Predictable results in nanoid generation when given non-integer values",
"url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55",
"severity": "moderate",
"cwe": [
"CWE-835"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<3.3.8"
}
],
"effects": [
"mocha"
],
"range": "<3.3.8",
"nodes": [
"node_modules/nanoid"
],
"fixAvailable": false
},
"picomatch": {
"name": "picomatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115490,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<2.3.2"
},
{
"source": 1115492,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.0.4"
},
{
"source": 1115493,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.3.2"
},
{
"source": 1115495,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <4.0.4"
}
],
"effects": [],
"range": "<=2.3.1 || 4.0.0 - 4.0.3",
"nodes": [
"node_modules/picomatch",
"node_modules/tinyglobby/node_modules/picomatch",
"node_modules/ts-declaration-location/node_modules/picomatch"
],
"fixAvailable": true
},
"qs": {
"name": "qs",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113719,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
"url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
"severity": "moderate",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<6.14.1"
}
],
"effects": [
"request"
],
"range": "<6.14.1",
"nodes": [
"node_modules/request/node_modules/qs"
],
"fixAvailable": false
},
"request": {
"name": "request",
"severity": "critical",
"isDirect": true,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"form-data",
"qs",
"tough-cookie"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.2",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": false
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/tough-cookie"
],
"fixAvailable": false
},
"yaml": {
"name": "yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115369,
"name": "yaml",
"dependency": "yaml",
"title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp",
"severity": "moderate",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0 <2.8.3"
}
],
"effects": [],
"range": "2.0.0 - 2.8.2",
"nodes": [
"node_modules/yaml"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 14,
"high": 4,
"critical": 2,
"total": 21
},
"dependencies": {
"prod": 80,
"dev": 352,
"optional": 1,
"peer": 1,
"peerOptional": 0,
"total": 431
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 86 installs, 0 updates, 0 removals
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.3)
- Locking composer/spdx-licenses (1.5.9)
- Locking composer/xdebug-handler (3.0.5)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
- Locking doctrine/deprecations (1.1.6)
- Locking doctrine/instantiator (2.1.0)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking justinrainbow/json-schema (v6.7.2)
- Locking liuggio/statsd-php-client (v1.0.18)
- Locking marc-mabe/php-enum (v4.7.2)
- Locking mediawiki/mediawiki-codesniffer (v46.0.0)
- Locking mediawiki/mediawiki-phan-config (0.15.1)
- Locking mediawiki/minus-x (1.1.3)
- Locking mediawiki/phan-taint-check-plugin (6.1.0)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking monolog/monolog (2.11.0)
- Locking myclabs/deep-copy (1.13.4)
- Locking netresearch/jsonmapper (v4.5.0)
- Locking nikic/php-parser (v4.19.5)
- Locking ockcyp/covers-validator (v1.6.0)
- Locking phan/phan (5.4.5)
- Locking phar-io/manifest (2.0.4)
- Locking phar-io/version (3.2.1)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.2.1)
- Locking phpcsstandards/phpcsutils (1.0.12)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.6.7)
- Locking phpdocumentor/type-resolver (1.12.0)
- Locking phpstan/phpdoc-parser (2.3.2)
- Locking phpunit/php-code-coverage (9.2.32)
- Locking phpunit/php-file-iterator (3.0.6)
- Locking phpunit/php-invoker (3.1.1)
- Locking phpunit/php-text-template (2.0.4)
- Locking phpunit/php-timer (5.0.3)
- Locking phpunit/phpunit (9.6.34)
- Locking psr/container (2.0.2)
- Locking psr/log (3.0.2)
- Locking sabre/event (5.1.7)
- Locking sebastian/cli-parser (1.0.2)
- Locking sebastian/code-unit (1.0.8)
- Locking sebastian/code-unit-reverse-lookup (2.0.3)
- Locking sebastian/comparator (4.0.10)
- Locking sebastian/complexity (2.0.3)
- Locking sebastian/diff (4.0.6)
- Locking sebastian/environment (5.1.5)
- Locking sebastian/exporter (4.0.8)
- Locking sebastian/global-state (5.0.8)
- Locking sebastian/lines-of-code (1.0.4)
- Locking sebastian/object-enumerator (4.0.4)
- Locking sebastian/object-reflector (2.0.4)
- Locking sebastian/recursion-context (4.0.6)
- Locking sebastian/resource-operations (3.0.4)
- Locking sebastian/type (3.2.1)
- Locking sebastian/version (3.0.2)
- Locking squizlabs/php_codesniffer (3.11.3)
- Locking symfony/console (v6.4.35)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/polyfill-ctype (v1.33.0)
- Locking symfony/polyfill-intl-grapheme (v1.33.0)
- Locking symfony/polyfill-intl-normalizer (v1.33.0)
- Locking symfony/polyfill-mbstring (v1.33.0)
- Locking symfony/polyfill-php80 (v1.33.0)
- Locking symfony/service-contracts (v3.6.1)
- Locking symfony/string (v7.4.6)
- Locking theseer/tokenizer (1.3.1)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (2.1.6)
- Locking wikimedia/alea (1.0.1)
- Locking wikimedia/assert (v0.5.1)
- Locking wikimedia/base-convert (v2.0.2)
- Locking wikimedia/bcp-47-code (v2.0.3)
- Locking wikimedia/dodo (v0.6.0)
- Locking wikimedia/idle-dom (v2.0.1)
- Locking wikimedia/ip-utils (5.0.0)
- Locking wikimedia/json-codec (v4.0.0)
- Locking wikimedia/langconv (0.4.2)
- Locking wikimedia/object-factory (v5.0.1)
- Locking wikimedia/remex-html (5.1.0)
- Locking wikimedia/testing-access-wrapper (4.0.0)
- Locking wikimedia/utfnormal (4.0.0)
- Locking wikimedia/wikipeg (5.0.1)
- Locking wikimedia/zest-css (4.1.1)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 86 installs, 0 updates, 0 removals
- Downloading wikimedia/idle-dom (v2.0.1)
- Downloading wikimedia/dodo (v0.6.0)
- Downloading wikimedia/wikipeg (5.0.1)
0/3 [>---------------------------] 0%
2/3 [==================>---------] 66%
3/3 [============================] 100%
- Installing squizlabs/php_codesniffer (3.11.3): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.0): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing marc-mabe/php-enum (v4.7.2): Extracting archive
- Installing justinrainbow/json-schema (v6.7.2): Extracting archive
- Installing liuggio/statsd-php-client (v1.0.18): Extracting archive
- Installing symfony/polyfill-php80 (v1.33.0): Extracting archive
- Installing phpcsstandards/phpcsutils (1.0.12): Extracting archive
- Installing phpcsstandards/phpcsextra (1.2.1): Extracting archive
- Installing symfony/polyfill-mbstring (v1.33.0): Extracting archive
- Installing composer/spdx-licenses (1.5.9): Extracting archive
- Installing composer/semver (3.4.3): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v46.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.33.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.33.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.33.0): Extracting archive
- Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
- Installing symfony/string (v7.4.6): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.6.1): Extracting archive
- Installing symfony/console (v6.4.35): Extracting archive
- Installing sabre/event (5.1.7): Extracting archive
- Installing netresearch/jsonmapper (v4.5.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
- Installing webmozart/assert (2.1.6): Extracting archive
- Installing phpstan/phpdoc-parser (2.3.2): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.6): Extracting archive
- Installing phpdocumentor/type-resolver (1.12.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.6.7): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing psr/log (3.0.2): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (5.4.5): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (6.1.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.15.1): Extracting archive
- Installing mediawiki/minus-x (1.1.3): Extracting archive
- Installing monolog/monolog (2.11.0): Extracting archive
- Installing sebastian/version (3.0.2): Extracting archive
- Installing sebastian/type (3.2.1): Extracting archive
- Installing sebastian/resource-operations (3.0.4): Extracting archive
- Installing sebastian/recursion-context (4.0.6): Extracting archive
- Installing sebastian/object-reflector (2.0.4): Extracting archive
- Installing sebastian/object-enumerator (4.0.4): Extracting archive
- Installing sebastian/global-state (5.0.8): Extracting archive
- Installing sebastian/exporter (4.0.8): Extracting archive
- Installing sebastian/environment (5.1.5): Extracting archive
- Installing sebastian/diff (4.0.6): Extracting archive
- Installing sebastian/comparator (4.0.10): Extracting archive
- Installing sebastian/code-unit (1.0.8): Extracting archive
- Installing sebastian/cli-parser (1.0.2): Extracting archive
- Installing phpunit/php-timer (5.0.3): Extracting archive
- Installing phpunit/php-text-template (2.0.4): Extracting archive
- Installing phpunit/php-invoker (3.1.1): Extracting archive
- Installing phpunit/php-file-iterator (3.0.6): Extracting archive
- Installing theseer/tokenizer (1.3.1): Extracting archive
- Installing nikic/php-parser (v4.19.5): Extracting archive
- Installing sebastian/lines-of-code (1.0.4): Extracting archive
- Installing sebastian/complexity (2.0.3): Extracting archive
- Installing sebastian/code-unit-reverse-lookup (2.0.3): Extracting archive
- Installing phpunit/php-code-coverage (9.2.32): Extracting archive
- Installing phar-io/version (3.2.1): Extracting archive
- Installing phar-io/manifest (2.0.4): Extracting archive
- Installing myclabs/deep-copy (1.13.4): Extracting archive
- Installing doctrine/instantiator (2.1.0): Extracting archive
- Installing phpunit/phpunit (9.6.34): Extracting archive
- Installing ockcyp/covers-validator (v1.6.0): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
- Installing wikimedia/alea (1.0.1): Extracting archive
- Installing wikimedia/bcp-47-code (v2.0.3): Extracting archive
- Installing wikimedia/zest-css (4.1.1): Extracting archive
- Installing wikimedia/utfnormal (4.0.0): Extracting archive
- Installing wikimedia/remex-html (5.1.0): Extracting archive
- Installing wikimedia/idle-dom (v2.0.1): Extracting archive
- Installing wikimedia/dodo (v0.6.0): Extracting archive
- Installing wikimedia/base-convert (v2.0.2): Extracting archive
- Installing wikimedia/ip-utils (5.0.0): Extracting archive
- Installing wikimedia/json-codec (v4.0.0): Extracting archive
- Installing wikimedia/assert (v0.5.1): Extracting archive
- Installing wikimedia/langconv (0.4.2): Extracting archive
- Installing wikimedia/object-factory (v5.0.1): Extracting archive
- Installing wikimedia/testing-access-wrapper (4.0.0): Extracting archive
- Installing wikimedia/wikipeg (5.0.1): Extracting archive
0/84 [>---------------------------] 0%
10/84 [===>------------------------] 11%
26/84 [========>-------------------] 30%
43/84 [==============>-------------] 51%
57/84 [===================>--------] 67%
71/84 [=======================>----] 84%
83/84 [===========================>] 98%
84/84 [============================] 100%
15 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating optimized autoload files
44 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@eslint/eslintrc": {
"name": "@eslint/eslintrc",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"eslint",
"eslint-plugin-unicorn"
],
"range": "0.0.1 || >=0.1.1",
"nodes": [
"node_modules/@eslint/eslintrc",
"node_modules/eslint-plugin-unicorn/node_modules/@eslint/eslintrc"
],
"fixAvailable": {
"name": "eslint",
"version": "10.1.0",
"isSemVerMajor": true
}
},
"@humanwhocodes/config-array": {
"name": "@humanwhocodes/config-array",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"eslint"
],
"range": "*",
"nodes": [
"node_modules/@humanwhocodes/config-array"
],
"fixAvailable": {
"name": "eslint",
"version": "10.1.0",
"isSemVerMajor": true
}
},
"brace-expansion": {
"name": "brace-expansion",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115432,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<5.0.5"
}
],
"effects": [
"minimatch"
],
"range": "<5.0.5",
"nodes": [
"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion",
"node_modules/brace-expansion"
],
"fixAvailable": {
"name": "eslint",
"version": "10.1.0",
"isSemVerMajor": true
}
},
"diff": {
"name": "diff",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1112705,
"name": "diff",
"dependency": "diff",
"title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
"url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx",
"severity": "low",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.2.2"
}
],
"effects": [],
"range": "5.0.0 - 5.2.1",
"nodes": [
"node_modules/diff"
],
"fixAvailable": true
},
"eslint": {
"name": "eslint",
"severity": "moderate",
"isDirect": true,
"via": [
"@eslint/eslintrc",
"@humanwhocodes/config-array",
"minimatch"
],
"effects": [
"eslint-config-wikimedia",
"eslint-plugin-jest",
"eslint-plugin-jsdoc",
"eslint-plugin-vue"
],
"range": "0.12.0 - 2.0.0-rc.1 || 4.1.0 - 10.0.0-rc.2",
"nodes": [
"node_modules/eslint"
],
"fixAvailable": {
"name": "eslint",
"version": "10.1.0",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint",
"eslint-plugin-jest",
"eslint-plugin-jsdoc",
"eslint-plugin-unicorn",
"eslint-plugin-vue"
],
"effects": [],
"range": ">=0.9.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-jest": {
"name": "eslint-plugin-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "25.0.1 - 29.12.2",
"nodes": [
"node_modules/eslint-plugin-jest"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-jsdoc": {
"name": "eslint-plugin-jsdoc",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "8.4.4 - 62.6.1",
"nodes": [
"node_modules/eslint-plugin-jsdoc"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-unicorn": {
"name": "eslint-plugin-unicorn",
"severity": "moderate",
"isDirect": false,
"via": [
"@eslint/eslintrc"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "50.0.0 - 54.0.0",
"nodes": [
"node_modules/eslint-plugin-unicorn"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-vue": {
"name": "eslint-plugin-vue",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "5.0.0-beta.0 - 10.7.0",
"nodes": [
"node_modules/eslint-plugin-vue"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"form-data": {
"name": "form-data",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1109540,
"name": "form-data",
"dependency": "form-data",
"title": "form-data uses unsafe random function in form-data for choosing boundary",
"url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
"severity": "critical",
"cwe": [
"CWE-330"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<2.5.4"
}
],
"effects": [
"request"
],
"range": "<2.5.4",
"nodes": [
"node_modules/form-data"
],
"fixAvailable": false
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1112715,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.1.1"
}
],
"effects": [
"mocha"
],
"range": "4.0.0 - 4.1.0",
"nodes": [
"node_modules/mocha/node_modules/js-yaml"
],
"fixAvailable": false
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096485,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS vulnerability",
"url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.5"
},
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
"brace-expansion"
],
"effects": [
"@eslint/eslintrc",
"@humanwhocodes/config-array",
"eslint",
"mocha"
],
"range": "<=10.0.2",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/minimatch",
"node_modules/@humanwhocodes/config-array/node_modules/minimatch",
"node_modules/eslint-plugin-unicorn/node_modules/minimatch",
"node_modules/eslint/node_modules/minimatch",
"node_modules/minimatch"
],
"fixAvailable": {
"name": "eslint",
"version": "10.1.0",
"isSemVerMajor": true
}
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": true,
"via": [
"diff",
"js-yaml",
"minimatch",
"nanoid",
"serialize-javascript"
],
"effects": [],
"range": "5.1.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": false
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109563,
"name": "nanoid",
"dependency": "nanoid",
"title": "Predictable results in nanoid generation when given non-integer values",
"url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55",
"severity": "moderate",
"cwe": [
"CWE-835"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<3.3.8"
}
],
"effects": [
"mocha"
],
"range": "<3.3.8",
"nodes": [
"node_modules/nanoid"
],
"fixAvailable": false
},
"picomatch": {
"name": "picomatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115490,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<2.3.2"
},
{
"source": 1115492,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.0.4"
},
{
"source": 1115493,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.3.2"
},
{
"source": 1115495,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <4.0.4"
}
],
"effects": [],
"range": "<=2.3.1 || 4.0.0 - 4.0.3",
"nodes": [
"node_modules/picomatch",
"node_modules/tinyglobby/node_modules/picomatch",
"node_modules/ts-declaration-location/node_modules/picomatch"
],
"fixAvailable": true
},
"qs": {
"name": "qs",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113719,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
"url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
"severity": "moderate",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<6.14.1"
}
],
"effects": [
"request"
],
"range": "<6.14.1",
"nodes": [
"node_modules/request/node_modules/qs"
],
"fixAvailable": false
},
"request": {
"name": "request",
"severity": "critical",
"isDirect": true,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"form-data",
"qs",
"tough-cookie"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.2",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": false
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/tough-cookie"
],
"fixAvailable": false
},
"yaml": {
"name": "yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115369,
"name": "yaml",
"dependency": "yaml",
"title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp",
"severity": "moderate",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0 <2.8.3"
}
],
"effects": [],
"range": "2.0.0 - 2.8.2",
"nodes": [
"node_modules/yaml"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 14,
"high": 4,
"critical": 2,
"total": 21
},
"dependencies": {
"prod": 80,
"dev": 352,
"optional": 1,
"peer": 1,
"peerOptional": 0,
"total": 431
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
"added": 431,
"removed": 0,
"changed": 0,
"audited": 432,
"funding": 100,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@eslint/eslintrc": {
"name": "@eslint/eslintrc",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"eslint",
"eslint-plugin-unicorn"
],
"range": "0.0.1 || >=0.1.1",
"nodes": [
"",
"node_modules/@eslint/eslintrc"
],
"fixAvailable": {
"name": "eslint",
"version": "10.1.0",
"isSemVerMajor": true
}
},
"@humanwhocodes/config-array": {
"name": "@humanwhocodes/config-array",
"severity": "moderate",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"eslint"
],
"range": "*",
"nodes": [
"node_modules/@humanwhocodes/config-array"
],
"fixAvailable": {
"name": "eslint",
"version": "10.1.0",
"isSemVerMajor": true
}
},
"brace-expansion": {
"name": "brace-expansion",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115432,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<5.0.5"
}
],
"effects": [
"minimatch"
],
"range": "<5.0.5",
"nodes": [
"",
"",
"node_modules/brace-expansion"
],
"fixAvailable": {
"name": "eslint",
"version": "10.1.0",
"isSemVerMajor": true
}
},
"diff": {
"name": "diff",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1112705,
"name": "diff",
"dependency": "diff",
"title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
"url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx",
"severity": "low",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.2.2"
}
],
"effects": [],
"range": "5.0.0 - 5.2.1",
"nodes": [
"node_modules/diff"
],
"fixAvailable": true
},
"eslint": {
"name": "eslint",
"severity": "moderate",
"isDirect": true,
"via": [
"@eslint/eslintrc",
"@humanwhocodes/config-array",
"minimatch"
],
"effects": [
"eslint-config-wikimedia",
"eslint-plugin-jest",
"eslint-plugin-jsdoc",
"eslint-plugin-vue"
],
"range": "0.12.0 - 2.0.0-rc.1 || 4.1.0 - 10.0.0-rc.2",
"nodes": [
"node_modules/eslint"
],
"fixAvailable": {
"name": "eslint",
"version": "10.1.0",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint",
"eslint-plugin-jest",
"eslint-plugin-jsdoc",
"eslint-plugin-unicorn",
"eslint-plugin-vue"
],
"effects": [],
"range": ">=0.9.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-jest": {
"name": "eslint-plugin-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "25.0.1 - 29.12.2",
"nodes": [
"node_modules/eslint-plugin-jest"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-jsdoc": {
"name": "eslint-plugin-jsdoc",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "8.4.4 - 62.6.1",
"nodes": [
"node_modules/eslint-plugin-jsdoc"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-unicorn": {
"name": "eslint-plugin-unicorn",
"severity": "moderate",
"isDirect": false,
"via": [
"@eslint/eslintrc"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "50.0.0 - 54.0.0",
"nodes": [
"node_modules/eslint-plugin-unicorn"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"eslint-plugin-vue": {
"name": "eslint-plugin-vue",
"severity": "moderate",
"isDirect": false,
"via": [
"eslint"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "5.0.0-beta.0 - 10.7.0",
"nodes": [
"node_modules/eslint-plugin-vue"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
},
"form-data": {
"name": "form-data",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1109540,
"name": "form-data",
"dependency": "form-data",
"title": "form-data uses unsafe random function in form-data for choosing boundary",
"url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
"severity": "critical",
"cwe": [
"CWE-330"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<2.5.4"
}
],
"effects": [
"request"
],
"range": "<2.5.4",
"nodes": [
"node_modules/form-data"
],
"fixAvailable": false
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1112715,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.1.1"
}
],
"effects": [
"mocha"
],
"range": "4.0.0 - 4.1.0",
"nodes": [
"node_modules/mocha/node_modules/js-yaml"
],
"fixAvailable": false
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096485,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS vulnerability",
"url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.5"
},
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
"brace-expansion"
],
"effects": [
"@eslint/eslintrc",
"@humanwhocodes/config-array",
"eslint",
"mocha"
],
"range": "<=10.0.2",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/minimatch",
"node_modules/@humanwhocodes/config-array/node_modules/minimatch",
"node_modules/eslint-plugin-unicorn/node_modules/minimatch",
"node_modules/eslint/node_modules/minimatch",
"node_modules/minimatch"
],
"fixAvailable": {
"name": "eslint",
"version": "10.1.0",
"isSemVerMajor": true
}
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": true,
"via": [
"diff",
"js-yaml",
"minimatch",
"nanoid",
"serialize-javascript"
],
"effects": [],
"range": "5.1.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": false
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109563,
"name": "nanoid",
"dependency": "nanoid",
"title": "Predictable results in nanoid generation when given non-integer values",
"url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55",
"severity": "moderate",
"cwe": [
"CWE-835"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<3.3.8"
}
],
"effects": [
"mocha"
],
"range": "<3.3.8",
"nodes": [
"node_modules/nanoid"
],
"fixAvailable": false
},
"picomatch": {
"name": "picomatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115490,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<2.3.2"
},
{
"source": 1115492,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.0.4"
},
{
"source": 1115493,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.3.2"
},
{
"source": 1115495,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <4.0.4"
}
],
"effects": [],
"range": "<=2.3.1 || 4.0.0 - 4.0.3",
"nodes": [
"",
"",
""
],
"fixAvailable": true
},
"qs": {
"name": "qs",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113719,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
"url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
"severity": "moderate",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<6.14.1"
}
],
"effects": [
"request"
],
"range": "<6.14.1",
"nodes": [
"node_modules/request/node_modules/qs"
],
"fixAvailable": false
},
"request": {
"name": "request",
"severity": "critical",
"isDirect": true,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"form-data",
"qs",
"tough-cookie"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.2",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": false
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/tough-cookie"
],
"fixAvailable": false
},
"yaml": {
"name": "yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115369,
"name": "yaml",
"dependency": "yaml",
"title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp",
"severity": "moderate",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0 <2.8.3"
}
],
"effects": [],
"range": "2.0.0 - 2.8.2",
"nodes": [
""
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 14,
"high": 4,
"critical": 2,
"total": 21
},
"dependencies": {
"prod": 80,
"dev": 352,
"optional": 1,
"peer": 1,
"peerOptional": 0,
"total": 431
}
}
}
}
--- end ---
{"added": 431, "removed": 0, "changed": 0, "audited": 432, "funding": 100, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@eslint/eslintrc": {"name": "@eslint/eslintrc", "severity": "moderate", "isDirect": false, "via": ["minimatch"], "effects": ["eslint", "eslint-plugin-unicorn"], "range": "0.0.1 || >=0.1.1", "nodes": ["", "node_modules/@eslint/eslintrc"], "fixAvailable": {"name": "eslint", "version": "10.1.0", "isSemVerMajor": true}}, "@humanwhocodes/config-array": {"name": "@humanwhocodes/config-array", "severity": "moderate", "isDirect": false, "via": ["minimatch"], "effects": ["eslint"], "range": "*", "nodes": ["node_modules/@humanwhocodes/config-array"], "fixAvailable": {"name": "eslint", "version": "10.1.0", "isSemVerMajor": true}}, "brace-expansion": {"name": "brace-expansion", "severity": "moderate", "isDirect": false, "via": [{"source": 1115432, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": "<5.0.5"}], "effects": ["minimatch"], "range": "<5.0.5", "nodes": ["", "", "node_modules/brace-expansion"], "fixAvailable": {"name": "eslint", "version": "10.1.0", "isSemVerMajor": true}}, "diff": {"name": "diff", "severity": "low", "isDirect": false, "via": [{"source": 1112705, "name": "diff", "dependency": "diff", "title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch", "url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx", "severity": "low", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=5.0.0 <5.2.2"}], "effects": [], "range": "5.0.0 - 5.2.1", "nodes": ["node_modules/diff"], "fixAvailable": true}, "eslint": {"name": "eslint", "severity": "moderate", "isDirect": true, "via": ["@eslint/eslintrc", "@humanwhocodes/config-array", "minimatch"], "effects": ["eslint-config-wikimedia", "eslint-plugin-jest", "eslint-plugin-jsdoc", "eslint-plugin-vue"], "range": "0.12.0 - 2.0.0-rc.1 || 4.1.0 - 10.0.0-rc.2", "nodes": ["node_modules/eslint"], "fixAvailable": {"name": "eslint", "version": "10.1.0", "isSemVerMajor": true}}, "eslint-config-wikimedia": {"name": "eslint-config-wikimedia", "severity": "moderate", "isDirect": true, "via": ["eslint", "eslint-plugin-jest", "eslint-plugin-jsdoc", "eslint-plugin-unicorn", "eslint-plugin-vue"], "effects": [], "range": ">=0.9.0", "nodes": ["node_modules/eslint-config-wikimedia"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.8.1", "isSemVerMajor": true}}, "eslint-plugin-jest": {"name": "eslint-plugin-jest", "severity": "moderate", "isDirect": false, "via": ["eslint"], "effects": ["eslint-config-wikimedia"], "range": "25.0.1 - 29.12.2", "nodes": ["node_modules/eslint-plugin-jest"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.8.1", "isSemVerMajor": true}}, "eslint-plugin-jsdoc": {"name": "eslint-plugin-jsdoc", "severity": "moderate", "isDirect": false, "via": ["eslint"], "effects": ["eslint-config-wikimedia"], "range": "8.4.4 - 62.6.1", "nodes": ["node_modules/eslint-plugin-jsdoc"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.8.1", "isSemVerMajor": true}}, "eslint-plugin-unicorn": {"name": "eslint-plugin-unicorn", "severity": "moderate", "isDirect": false, "via": ["@eslint/eslintrc"], "effects": ["eslint-config-wikimedia"], "range": "50.0.0 - 54.0.0", "nodes": ["node_modules/eslint-plugin-unicorn"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.8.1", "isSemVerMajor": true}}, "eslint-plugin-vue": {"name": "eslint-plugin-vue", "severity": "moderate", "isDirect": false, "via": ["eslint"], "effects": ["eslint-config-wikimedia"], "range": "5.0.0-beta.0 - 10.7.0", "nodes": ["node_modules/eslint-plugin-vue"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.8.1", "isSemVerMajor": true}}, "form-data": {"name": "form-data", "severity": "critical", "isDirect": false, "via": [{"source": 1109540, "name": "form-data", "dependency": "form-data", "title": "form-data uses unsafe random function in form-data for choosing boundary", "url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4", "severity": "critical", "cwe": ["CWE-330"], "cvss": {"score": 0, "vectorString": null}, "range": "<2.5.4"}], "effects": ["request"], "range": "<2.5.4", "nodes": ["node_modules/form-data"], "fixAvailable": false}, "js-yaml": {"name": "js-yaml", "severity": "moderate", "isDirect": false, "via": [{"source": 1112715, "name": "js-yaml", "dependency": "js-yaml", "title": "js-yaml has prototype pollution in merge (<<)", "url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": ">=4.0.0 <4.1.1"}], "effects": ["mocha"], "range": "4.0.0 - 4.1.0", "nodes": ["node_modules/mocha/node_modules/js-yaml"], "fixAvailable": false}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1096485, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.5"}, {"source": 1113459, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.3"}, {"source": 1113538, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.3"}, {"source": 1113546, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.4"}, "brace-expansion"], "effects": ["@eslint/eslintrc", "@humanwhocodes/config-array", "eslint", "mocha"], "range": "<=10.0.2", "nodes": ["node_modules/@eslint/eslintrc/node_modules/minimatch", "node_modules/@humanwhocodes/config-array/node_modules/minimatch", "node_modules/eslint-plugin-unicorn/node_modules/minimatch", "node_modules/eslint/node_modules/minimatch", "node_modules/minimatch"], "fixAvailable": {"name": "eslint", "version": "10.1.0", "isSemVerMajor": true}}, "mocha": {"name": "mocha", "severity": "high", "isDirect": true, "via": ["diff", "js-yaml", "minimatch", "nanoid", "serialize-javascript"], "effects": [], "range": "5.1.0 - 12.0.0-beta-2", "nodes": ["node_modules/mocha"], "fixAvailable": false}, "nanoid": {"name": "nanoid", "severity": "moderate", "isDirect": false, "via": [{"source": 1109563, "name": "nanoid", "dependency": "nanoid", "title": "Predictable results in nanoid generation when given non-integer values", "url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55", "severity": "moderate", "cwe": ["CWE-835"], "cvss": {"score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "range": "<3.3.8"}], "effects": ["mocha"], "range": "<3.3.8", "nodes": ["node_modules/nanoid"], "fixAvailable": false}, "picomatch": {"name": "picomatch", "severity": "high", "isDirect": false, "via": [{"source": 1115490, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching", "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<2.3.2"}, {"source": 1115492, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching", "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": ">=4.0.0 <4.0.4"}, {"source": 1115493, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers", "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<2.3.2"}, {"source": 1115495, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers", "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=4.0.0 <4.0.4"}], "effects": [], "range": "<=2.3.1 || 4.0.0 - 4.0.3", "nodes": ["", "", ""], "fixAvailable": true}, "qs": {"name": "qs", "severity": "moderate", "isDirect": false, "via": [{"source": 1113719, "name": "qs", "dependency": "qs", "title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion", "url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p", "severity": "moderate", "cwe": ["CWE-20"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<6.14.1"}], "effects": ["request"], "range": "<6.14.1", "nodes": ["node_modules/request/node_modules/qs"], "fixAvailable": false}, "request": {"name": "request", "severity": "critical", "isDirect": true, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "form-data", "qs", "tough-cookie"], "effects": [], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": false}, "serialize-javascript": {"name": "serialize-javascript", "severity": "high", "isDirect": false, "via": [{"source": 1113686, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()", "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq", "severity": "high", "cwe": ["CWE-96"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=7.0.2"}], "effects": ["mocha"], "range": "<=7.0.2", "nodes": ["node_modules/serialize-javascript"], "fixAvailable": false}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["request"], "range": "<4.1.3", "nodes": ["node_modules/tough-cookie"], "fixAvailable": false}, "yaml": {"name": "yaml", "severity": "moderate", "isDirect": false, "via": [{"source": 1115369, "name": "yaml", "dependency": "yaml", "title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections", "url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp", "severity": "moderate", "cwe": ["CWE-674"], "cvss": {"score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=2.0.0 <2.8.3"}], "effects": [], "range": "2.0.0 - 2.8.2", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 14, "high": 4, "critical": 2, "total": 21}, "dependencies": {"prod": 80, "dev": 352, "optional": 1, "peer": 1, "peerOptional": 0, "total": 431}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN skipping integrity check for git dependency ssh://git@github.com/arlolra/mocha.git
npm WARN deprecated har-validator@5.1.3: this library is no longer supported
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated core-js@2.6.11: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---
added 430 packages, and audited 431 packages in 9s
100 packages are looking for funding
run `npm fund` for details
# npm audit report
brace-expansion <5.0.5
Severity: moderate
brace-expansion: Zero-step sequence causes process hang and memory exhaustion - https://github.com/advisories/GHSA-f886-m6hf-6m8v
fix available via `npm audit fix --force`
Will install eslint@10.1.0, which is a breaking change
node_modules/brace-expansion
minimatch <=10.0.2
Depends on vulnerable versions of brace-expansion
node_modules/@eslint/eslintrc/node_modules/minimatch
node_modules/@humanwhocodes/config-array/node_modules/minimatch
node_modules/eslint-plugin-unicorn/node_modules/minimatch
node_modules/eslint/node_modules/minimatch
node_modules/minimatch
@eslint/eslintrc 0.0.1 || >=0.1.1
Depends on vulnerable versions of minimatch
node_modules/@eslint/eslintrc
node_modules/eslint-plugin-unicorn/node_modules/@eslint/eslintrc
eslint 0.12.0 - 2.0.0-rc.1 || 4.1.0 - 10.0.0-rc.2
Depends on vulnerable versions of @eslint/eslintrc
Depends on vulnerable versions of @humanwhocodes/config-array
Depends on vulnerable versions of minimatch
node_modules/eslint
eslint-config-wikimedia >=0.9.0
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-plugin-jest
Depends on vulnerable versions of eslint-plugin-jsdoc
Depends on vulnerable versions of eslint-plugin-unicorn
Depends on vulnerable versions of eslint-plugin-vue
node_modules/eslint-config-wikimedia
eslint-plugin-jest 25.0.1 - 29.12.2
Depends on vulnerable versions of eslint
node_modules/eslint-plugin-jest
eslint-plugin-jsdoc 8.4.4 - 62.6.1
Depends on vulnerable versions of eslint
node_modules/eslint-plugin-jsdoc
eslint-plugin-vue 5.0.0-beta.0 - 10.7.0
Depends on vulnerable versions of eslint
node_modules/eslint-plugin-vue
eslint-plugin-unicorn 50.0.0 - 54.0.0
Depends on vulnerable versions of @eslint/eslintrc
node_modules/eslint-plugin-unicorn
@humanwhocodes/config-array *
Depends on vulnerable versions of minimatch
node_modules/@humanwhocodes/config-array
mocha 5.1.0 - 12.0.0-beta-2
Depends on vulnerable versions of diff
Depends on vulnerable versions of js-yaml
Depends on vulnerable versions of minimatch
Depends on vulnerable versions of nanoid
Depends on vulnerable versions of serialize-javascript
node_modules/mocha
diff 5.0.0 - 5.2.1
jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch - https://github.com/advisories/GHSA-73rr-hh4g-fpgx
fix available via `npm audit fix`
node_modules/diff
form-data <2.5.4
Severity: critical
form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
No fix available
node_modules/form-data
request *
Depends on vulnerable versions of form-data
Depends on vulnerable versions of qs
Depends on vulnerable versions of tough-cookie
node_modules/request
js-yaml 4.0.0 - 4.1.0
Severity: moderate
js-yaml has prototype pollution in merge (<<) - https://github.com/advisories/GHSA-mh29-5h37-fv8m
No fix available
node_modules/mocha/node_modules/js-yaml
nanoid <3.3.8
Severity: moderate
Predictable results in nanoid generation when given non-integer values - https://github.com/advisories/GHSA-mwcw-c2x4-8c55
No fix available
node_modules/nanoid
qs <6.14.1
Severity: moderate
qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion - https://github.com/advisories/GHSA-6rw7-vpxm-498p
No fix available
node_modules/request/node_modules/qs
serialize-javascript <=7.0.2
Severity: high
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - https://github.com/advisories/GHSA-5c6j-r48x-rmvq
No fix available
node_modules/serialize-javascript
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie
19 vulnerabilities (1 low, 13 moderate, 3 high, 2 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN skipping integrity check for git dependency ssh://git@github.com/arlolra/mocha.git
npm WARN deprecated har-validator@5.1.3: this library is no longer supported
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated core-js@2.6.11: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---
added 430 packages, and audited 431 packages in 7s
100 packages are looking for funding
run `npm fund` for details
19 vulnerabilities (1 low, 13 moderate, 3 high, 2 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stdout ---
> parsoid@0.11.0 test
> npm run eslint
> parsoid@0.11.0 eslint
> eslint --cache --ext .js,.json .
/src/repo/bin/benchmark.js
84:4 warning Don't use process.exit(); throw an error instead n/no-process-exit
132:9 warning Found existsSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
132:35 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
190:4 warning Found writeFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
252:32 warning Found existsSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
269:26 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
285:15 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
353:4 warning Don't use process.exit(); throw an error instead n/no-process-exit
/src/repo/bin/diff.html.js
1:1 warning ES2023 Hashbang comments are forbidden es-x/no-hashbang
34:22 warning Unsafe Regular Expression security/detect-unsafe-regex
150:16 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
151:17 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
177:27 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
/src/repo/bin/domdiff.test.js
1:1 warning ES2023 Hashbang comments are forbidden es-x/no-hashbang
7:23 warning Can't resolve '../lib/html2wt/DOMDiff.js' in '/src/repo/bin' n/no-missing-require
10:29 warning Can't resolve '../lib/logger/ParsoidLogger.js' in '/src/repo/bin' n/no-missing-require
88:2 warning Don't use process.exit(); throw an error instead n/no-process-exit
/src/repo/bin/inspectTokenizer.js
1:1 warning ES2023 Hashbang comments are forbidden es-x/no-hashbang
76:10 warning Found createWriteStream from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
83:22 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
227:2 warning Don't use process.exit(); throw an error instead n/no-process-exit
/src/repo/bin/langconv-test.js
1:1 warning ES2023 Hashbang comments are forbidden es-x/no-hashbang
12:51 warning Can't resolve '../lib/mw/ApiRequest.js' in '/src/repo/bin' n/no-missing-require
17:41 warning Can't resolve '../lib/config/MWParserEnvironment.js' in '/src/repo/bin' n/no-missing-require
20:37 warning Can't resolve '../lib/mw/ApiRequest.js' in '/src/repo/bin' n/no-missing-require
405:5 warning Found non-literal argument in require security/detect-non-literal-require
625:4 warning Don't use process.exit(); throw an error instead n/no-process-exit
/src/repo/bin/normalize.test.js
1:1 warning ES2023 Hashbang comments are forbidden es-x/no-hashbang
64:2 warning Don't use process.exit(); throw an error instead n/no-process-exit
/src/repo/bin/roundtrip-test.js
1:1 warning ES2023 Hashbang comments are forbidden es-x/no-hashbang
996:4 warning Don't use process.exit(); throw an error instead n/no-process-exit
/src/repo/lib/config/ParsoidConfig.js
157:19 warning Found non-literal argument in require security/detect-non-literal-require
630:8 warning Found statSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
636:14 warning Found readdirSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
643:9 warning Found statSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
656:12 warning Found non-literal argument in require security/detect-non-literal-require
/src/repo/lib/html2wt/DOMNormalizer.js
284:17 warning Found non-literal argument to RegExp Constructor security/detect-non-literal-regexp
372:44 warning Unsafe Regular Expression security/detect-unsafe-regex
/src/repo/lib/html2wt/WTSUtils.js
13:20 warning Unsafe Regular Expression security/detect-unsafe-regex
/src/repo/lib/utils/Diff.js
142:24 warning Unsafe Regular Expression security/detect-unsafe-regex
/src/repo/lib/utils/TokenUtils.js
26:10 warning Unsafe Regular Expression security/detect-unsafe-regex
/src/repo/lib/utils/Util.js
159:10 warning Unsafe Regular Expression security/detect-unsafe-regex
/src/repo/lib/utils/WTUtils.js
137:37 warning Unsafe Regular Expression security/detect-unsafe-regex
/src/repo/lib/utils/jsutils.js
280:10 warning Found non-literal argument to RegExp Constructor security/detect-non-literal-regexp
/src/repo/tests/TestUtils.js
150:12 warning Unsafe Regular Expression security/detect-unsafe-regex
/src/repo/tests/api-testing/Parsoid.js
668:26 warning Found non-literal argument to RegExp Constructor security/detect-non-literal-regexp
680:26 warning Found non-literal argument to RegExp Constructor security/detect-non-literal-regexp
/src/repo/tests/testreduce/rtTestWrapper.js
13:9 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
/src/repo/tools/ScriptUtils.js
57:4 warning Don't use process.exit(); throw an error instead n/no-process-exit
/src/repo/tools/build-langconv-fst.js
1:1 warning ES2023 Hashbang comments are forbidden es-x/no-hashbang
84:21 warning Can't resolve '../lib/language/FST.js' in '/src/repo/tools' n/no-missing-require
109:13 warning Found openSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
302:14 warning Found openSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
/src/repo/tools/compare.linter.results.js
1:1 warning ES2023 Hashbang comments are forbidden es-x/no-hashbang
105:2 warning Don't use process.exit(); throw an error instead n/no-process-exit
108:18 warning Found non-literal argument in require security/detect-non-literal-require
112:2 warning Don't use process.exit(); throw an error instead n/no-process-exit
115:18 warning Found non-literal argument in require security/detect-non-literal-require
118:2 warning Don't use process.exit(); throw an error instead n/no-process-exit
/src/repo/tools/fetch-parserTests.js
1:1 warning ES2023 Hashbang comments are forbidden es-x/no-hashbang
/src/repo/tools/fetch-revision-data.js
1:1 warning ES2023 Hashbang comments are forbidden es-x/no-hashbang
20:31 warning Can't resolve '../lib/mw/ApiRequest.js' in '/src/repo/tools' n/no-missing-require
22:35 warning Can't resolve '../lib/config/MWParserEnvironment.js' in '/src/repo/tools' n/no-missing-require
/src/repo/tools/fetch_stray_toc_edits.js
138:13 warning Found non-literal argument to RegExp Constructor security/detect-non-literal-regexp
/src/repo/tools/gen_timing_data.js
67:18 warning Prefer `String#slice()` over `String#substring()` unicorn/prefer-string-slice
134:17 warning Found non-literal argument in require security/detect-non-literal-require
150:22 warning Can't resolve './configs/common/cache_purge.adaptor.js' in '/src/repo/tools' n/no-missing-require
151:9 warning Found existsSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
152:24 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
186:3 warning Found writeFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
188:3 warning Found writeFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
/src/repo/tools/gen_visualdiff_titles.js
15:2 warning Don't use process.exit(); throw an error instead n/no-process-exit
34:3 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
/src/repo/tools/runRtTests.js
1:1 warning ES2023 Hashbang comments are forbidden es-x/no-hashbang
/src/repo/tools/sync-parserTests.js
1:1 warning ES2023 Hashbang comments are forbidden es-x/no-hashbang
263:2 warning Don't use process.exit(); throw an error instead n/no-process-exit
✖ 76 problems (0 errors, 76 warnings)
0 errors and 1 warning potentially fixable with the `--fix` option.
--- end ---
{"1112705": {"source": 1112705, "name": "diff", "dependency": "diff", "title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch", "url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx", "severity": "low", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=5.0.0 <5.2.2"}}
{"1115490": {"source": 1115490, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching", "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<2.3.2"}, "1115492": {"source": 1115492, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching", "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": ">=4.0.0 <4.0.4"}, "1115493": {"source": 1115493, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers", "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<2.3.2"}, "1115495": {"source": 1115495, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers", "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=4.0.0 <4.0.4"}}
Upgrading n:picomatch from 2.3.1, 4.0.3 -> 2.3.2, 4.0.4
{"1115369": {"source": 1115369, "name": "yaml", "dependency": "yaml", "title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections", "url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp", "severity": "moderate", "cwe": ["CWE-674"], "cvss": {"score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=2.0.0 <2.8.3"}}
Upgrading n:yaml from 2.4.1 -> 2.8.3
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
build: Updating npm dependencies
* picomatch: 2.3.1, 4.0.3 → 2.3.2, 4.0.4
* https://github.com/advisories/GHSA-3v7f-55p6-f55p
* https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
* yaml: 2.4.1 → 2.8.3
* https://github.com/advisories/GHSA-48c2-rrv3-qjmp
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpfkdq11eg
--- stdout ---
[REL1_44 decb063] build: Updating npm dependencies
1 file changed, 50 insertions(+), 47 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From decb063f835ef6a28d917f6c54e5e990e9209983 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 27 Mar 2026 12:47:58 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* picomatch: 2.3.1, 4.0.3 → 2.3.2, 4.0.4
* https://github.com/advisories/GHSA-3v7f-55p6-f55p
* https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
* yaml: 2.4.1 → 2.8.3
* https://github.com/advisories/GHSA-48c2-rrv3-qjmp
Change-Id: I43e362d0f3a61e6ee411c083e73ca930c38d23b6
---
package-lock.json | 97 ++++++++++++++++++++++++-----------------------
1 file changed, 50 insertions(+), 47 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 04f0746..9e5f8c9 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -486,9 +486,9 @@
}
},
"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
- "version": "5.0.3",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.3.tgz",
- "integrity": "sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==",
+ "version": "5.0.5",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
+ "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
"dev": true,
"dependencies": {
"balanced-match": "^4.0.2"
@@ -818,9 +818,9 @@
"dev": true
},
"node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
"dependencies": {
"balanced-match": "^1.0.0",
@@ -1929,19 +1929,19 @@
}
},
"node_modules/eslint-plugin-unicorn/node_modules/@eslint/eslintrc": {
- "version": "3.3.3",
- "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.3.tgz",
- "integrity": "sha512-Kr+LPIUVKz2qkx1HAMH8q1q6azbqBAsXJUxBl/ODDuVPX45Z9DfwB8tPjTi6nNZ8BuM3nbJxC5zCAg5elnBUTQ==",
+ "version": "3.3.5",
+ "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.5.tgz",
+ "integrity": "sha512-4IlJx0X0qftVsN5E+/vGujTRIFtwuLbNsVUe7TO6zYPDR1O6nFwvwhIKEKSrl6dZchmYBITazxKoUYOjdtjlRg==",
"dev": true,
"dependencies": {
- "ajv": "^6.12.4",
+ "ajv": "^6.14.0",
"debug": "^4.3.2",
"espree": "^10.0.1",
"globals": "^14.0.0",
"ignore": "^5.2.0",
"import-fresh": "^3.2.1",
"js-yaml": "^4.1.1",
- "minimatch": "^3.1.2",
+ "minimatch": "^3.1.5",
"strip-json-comments": "^3.1.1"
},
"engines": {
@@ -3666,9 +3666,9 @@
"dev": true
},
"node_modules/picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true,
"engines": {
"node": ">=8.6"
@@ -4528,9 +4528,9 @@
}
},
"node_modules/tinyglobby/node_modules/picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true,
"engines": {
"node": ">=12"
@@ -4598,9 +4598,9 @@
}
},
"node_modules/ts-declaration-location/node_modules/picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true,
"engines": {
"node": ">=12"
@@ -4872,15 +4872,18 @@
"dev": true
},
"node_modules/yaml": {
- "version": "2.4.1",
- "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.4.1.tgz",
- "integrity": "sha512-pIXzoImaqmfOrL7teGUBt/T7ZDnyeGBWyXQBvOVhLkWLN37GXv8NMLK406UY6dS51JfcQHsmcW5cJ441bHg6Lg==",
+ "version": "2.8.3",
+ "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz",
+ "integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==",
"dev": true,
"bin": {
"yaml": "bin.mjs"
},
"engines": {
- "node": ">= 14"
+ "node": ">= 14.6"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/eemeli"
}
},
"node_modules/yaml-eslint-parser": {
@@ -5347,9 +5350,9 @@
"dev": true
},
"brace-expansion": {
- "version": "5.0.3",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.3.tgz",
- "integrity": "sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==",
+ "version": "5.0.5",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
+ "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
"dev": true,
"requires": {
"balanced-match": "^4.0.2"
@@ -5590,9 +5593,9 @@
"dev": true
},
"brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
"requires": {
"balanced-match": "^1.0.0",
@@ -6424,19 +6427,19 @@
},
"dependencies": {
"@eslint/eslintrc": {
- "version": "3.3.3",
- "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.3.tgz",
- "integrity": "sha512-Kr+LPIUVKz2qkx1HAMH8q1q6azbqBAsXJUxBl/ODDuVPX45Z9DfwB8tPjTi6nNZ8BuM3nbJxC5zCAg5elnBUTQ==",
+ "version": "3.3.5",
+ "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.5.tgz",
+ "integrity": "sha512-4IlJx0X0qftVsN5E+/vGujTRIFtwuLbNsVUe7TO6zYPDR1O6nFwvwhIKEKSrl6dZchmYBITazxKoUYOjdtjlRg==",
"dev": true,
"requires": {
- "ajv": "^6.12.4",
+ "ajv": "^6.14.0",
"debug": "^4.3.2",
"espree": "^10.0.1",
"globals": "^14.0.0",
"ignore": "^5.2.0",
"import-fresh": "^3.2.1",
"js-yaml": "^4.1.1",
- "minimatch": "^3.1.2",
+ "minimatch": "^3.1.5",
"strip-json-comments": "^3.1.1"
}
},
@@ -7653,9 +7656,9 @@
"dev": true
},
"picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true
},
"pluralize": {
@@ -8277,9 +8280,9 @@
"requires": {}
},
"picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true
}
}
@@ -8319,9 +8322,9 @@
},
"dependencies": {
"picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true
}
}
@@ -8510,9 +8513,9 @@
"dev": true
},
"yaml": {
- "version": "2.4.1",
- "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.4.1.tgz",
- "integrity": "sha512-pIXzoImaqmfOrL7teGUBt/T7ZDnyeGBWyXQBvOVhLkWLN37GXv8NMLK406UY6dS51JfcQHsmcW5cJ441bHg6Lg==",
+ "version": "2.8.3",
+ "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz",
+ "integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==",
"dev": true
},
"yaml-eslint-parser": {
--
2.47.3
--- end ---