This run took 332 seconds.
From d825cf48b0a47b9b703b0441283716f86bc1798f Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Mon, 6 Apr 2026 00:19:50 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* api-testing: 1.7.1 → 1.7.3
* jsdoc-wmf-theme: 1.1.0 → 1.2.0
* svgo: 3.3.2 → 3.3.3
* ajv: 6.12.6, 8.17.1 → 6.14.0, 8.18.0
* https://github.com/advisories/GHSA-2g4f-4pwh-qvx6
* basic-ftp: 5.1.0 → 5.2.0
* https://github.com/advisories/GHSA-5rq4-664w-9x2c
* brace-expansion: 1.1.12, 2.0.2 → 1.1.13, 2.0.3
* https://github.com/advisories/GHSA-f886-m6hf-6m8v
* diff: 5.2.0, 8.0.3 → 5.2.2, 8.0.3
* https://github.com/advisories/GHSA-73rr-hh4g-fpgx
* fast-xml-parser: 5.3.3 → 5.5.10
* https://github.com/advisories/GHSA-37qj-frw5-hhjh
* https://github.com/advisories/GHSA-8gc5-j5rx-235r
* https://github.com/advisories/GHSA-fj3w-jwp8-x2g3
* https://github.com/advisories/GHSA-jmr7-xgp7-cmfj
* https://github.com/advisories/GHSA-jp2q-39xq-3w4g
* https://github.com/advisories/GHSA-m7jm-9gc2-mpf2
* flatted: 3.3.3 → 3.4.2
* https://github.com/advisories/GHSA-25h7-pfq9-p65f
* https://github.com/advisories/GHSA-rf6f-7fwh-wjgh
* lodash: 4.17.21 → 4.17.23
* https://github.com/advisories/GHSA-f23m-r3pf-42rh
* https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
* markdown-it: 14.1.0 → 14.1.1
* https://github.com/advisories/GHSA-38c4-r59v-3vqw
* picomatch: 2.3.1, 4.0.3 → 2.3.2, 4.0.4
* https://github.com/advisories/GHSA-3v7f-55p6-f55p
* https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
* qs: 6.14.1 → 6.14.2
* https://github.com/advisories/GHSA-w7fw-mjwx-w883
* socket.io-parser: 4.2.4 → 4.2.6
* https://github.com/advisories/GHSA-677m-j7p3-52f9
* underscore: 1.13.7 → 1.13.8
* https://github.com/advisories/GHSA-qpx9-hpmf-5gmw
* undici: 6.23.0, 7.19.1 → 6.24.1, 7.24.7
* https://github.com/advisories/GHSA-2mjp-6q6p-2qxm
* https://github.com/advisories/GHSA-4992-7rv2-5pvq
* https://github.com/advisories/GHSA-f269-vfmq-vjvj
* https://github.com/advisories/GHSA-phc3-fgpg-7m6h
* https://github.com/advisories/GHSA-v9p9-hfj2-hcw8
* https://github.com/advisories/GHSA-vrm6-8vpv-qv8q
* yaml: 2.8.2 → 2.8.3
* https://github.com/advisories/GHSA-48c2-rrv3-qjmp
Change-Id: Ia549481bfa66a2fa34fa56ba49333409c364bf39
---
package-lock.json | 565 +++++++++++++++++++++-------------------------
package.json | 6 +-
2 files changed, 255 insertions(+), 316 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index ea60c14..468c9f5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -19,7 +19,7 @@
"@wikimedia/codex": "2.4.0",
"@wikimedia/codex-icons": "2.4.0",
"@wikimedia/karma-firefox-launcher": "2.1.3",
- "api-testing": "1.7.1",
+ "api-testing": "1.7.3",
"chai-openapi-response-validator": "^0.14.2",
"domino": "2.1.0",
"dotenv": "8.2.0",
@@ -34,7 +34,7 @@
"jest-environment-jsdom": "29.7.0",
"jest-fetch-mock": "3.0.3",
"jsdoc": "4.0.5",
- "jsdoc-wmf-theme": "1.1.0",
+ "jsdoc-wmf-theme": "1.2.0",
"karma": "6.4.1",
"karma-chrome-launcher": "3.1.0",
"karma-mocha-reporter": "2.2.5",
@@ -42,7 +42,7 @@
"pinia": "2.0.16",
"qunit": "2.24.1",
"stylelint-config-wikimedia": "0.18.0",
- "svgo": "3.3.2",
+ "svgo": "3.3.3",
"vue": "3.5.13",
"wdio-mediawiki": "file:tests/selenium/wdio-mediawiki",
"xml2js": "^0.6.2"
@@ -2516,11 +2516,10 @@
}
},
"node_modules/@eslint/eslintrc/node_modules/ajv": {
- "version": "6.12.6",
- "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
- "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
+ "version": "6.14.0",
+ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz",
+ "integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==",
"dev": true,
- "license": "MIT",
"dependencies": {
"fast-deep-equal": "^3.1.1",
"fast-json-stable-stringify": "^2.0.0",
@@ -2533,11 +2532,10 @@
}
},
"node_modules/@eslint/eslintrc/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -2592,11 +2590,10 @@
"license": "MIT"
},
"node_modules/@eslint/eslintrc/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -2698,22 +2695,20 @@
}
},
"node_modules/@humanwhocodes/config-array/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
}
},
"node_modules/@humanwhocodes/config-array/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -3967,11 +3962,10 @@
}
},
"node_modules/@jest/reporters/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -4085,11 +4079,10 @@
}
},
"node_modules/@jest/reporters/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -4495,7 +4488,6 @@
"resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-1.8.0.tgz",
"integrity": "sha512-jCs9ldd7NwzpgXDIf6P3+NrHh9/sD6CQdxHyjQI+h/6rDNo88ypBxxz45UDuZHz9r3tNz7N/VInSVoVdtXEI4A==",
"dev": true,
- "license": "MIT",
"engines": {
"node": "^14.21.3 || >=16"
},
@@ -4549,11 +4541,10 @@
"license": "MIT"
},
"node_modules/@paralleldrive/cuid2": {
- "version": "2.2.2",
- "resolved": "https://registry.npmjs.org/@paralleldrive/cuid2/-/cuid2-2.2.2.tgz",
- "integrity": "sha512-ZOBkgDwEdoYVlSeRbYYXs0S9MejQofiVYoTbKzy/6GQa39/q5tQU2IX46+shYnUkpEl3wc+J6wRlar7r2EK2xA==",
+ "version": "2.3.1",
+ "resolved": "https://registry.npmjs.org/@paralleldrive/cuid2/-/cuid2-2.3.1.tgz",
+ "integrity": "sha512-XO7cAxhnTZl0Yggq6jOgjiOHhbgcO4NqFqwSmQpjK3b6TEE6Uj/jfSk6wzYyemh3+I0sHirKSetjQwn5cZktFw==",
"dev": true,
- "license": "MIT",
"dependencies": {
"@noble/hashes": "^1.1.5"
}
@@ -4848,16 +4839,6 @@
"integrity": "sha512-C5Mc6rdnsaJDjO3UpGW/CQTHtCKaYlScZTly4JIu97Jxo/odCiH0ITnDXSJPTOrEKk/ycSZ0AOgTmkDtkOsvIA==",
"dev": true
},
- "node_modules/@trysound/sax": {
- "version": "0.2.0",
- "resolved": "https://registry.npmjs.org/@trysound/sax/-/sax-0.2.0.tgz",
- "integrity": "sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA==",
- "dev": true,
- "license": "ISC",
- "engines": {
- "node": ">=10.13.0"
- }
- },
"node_modules/@types/babel__core": {
"version": "7.20.5",
"resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz",
@@ -6110,11 +6091,10 @@
}
},
"node_modules/ajv": {
- "version": "8.17.1",
- "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz",
- "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==",
+ "version": "8.18.0",
+ "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.18.0.tgz",
+ "integrity": "sha512-PlXPeEWMXMZ7sPYOHqmDyCJzcfNrUr3fGNKtezX14ykXOEIvyK81d+qydx89KY5O71FKMPaQ2vBfBFI5NHR63A==",
"dev": true,
- "license": "MIT",
"dependencies": {
"fast-deep-equal": "^3.1.3",
"fast-uri": "^3.0.1",
@@ -6236,11 +6216,10 @@
}
},
"node_modules/anymatch/node_modules/picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=8.6"
},
@@ -6249,14 +6228,13 @@
}
},
"node_modules/api-testing": {
- "version": "1.7.1",
- "resolved": "https://registry.npmjs.org/api-testing/-/api-testing-1.7.1.tgz",
- "integrity": "sha512-h6eqLa9uOOpbBXGN6/s91GquV1YprC1XLVtWIRv/25XWFRqHibIBwuXjqcUqFSsU1fgYvfclSMRXuUcCvEmX6A==",
+ "version": "1.7.3",
+ "resolved": "https://registry.npmjs.org/api-testing/-/api-testing-1.7.3.tgz",
+ "integrity": "sha512-wvXUqkiflOur6kI57onNt2BQ6Hse0BRCIzThc1W7W4LEfVvLUCyKOp8EQna9tKqMZ7K1Rz/ptrCSzHe9XEo+Bw==",
"dev": true,
- "license": "ISC",
"dependencies": {
"chai": "4.5.0",
- "supertest": "7.1.0"
+ "supertest": "7.2.2"
},
"engines": {
"node": ">= 14.18.0"
@@ -6446,8 +6424,7 @@
"version": "2.0.6",
"resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz",
"integrity": "sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA==",
- "dev": true,
- "license": "MIT"
+ "dev": true
},
"node_modules/assertion-error": {
"version": "1.1.0",
@@ -6914,9 +6891,9 @@
}
},
"node_modules/basic-ftp": {
- "version": "5.1.0",
- "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.1.0.tgz",
- "integrity": "sha512-RkaJzeJKDbaDWTIPiJwubyljaEPwpVWkm9Rt5h9Nd6h7tEXTJ3VB4qxdZBioV7JO5yLUaOKwz7vDOzlncUsegw==",
+ "version": "5.2.0",
+ "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.2.0.tgz",
+ "integrity": "sha512-VoMINM2rqJwJgfdHq6RiUudKt2BV+FY5ZFezP/ypmwayk68+NzzAQy4XXLlqsGD4MCzq3DrmNFD/uUmBJuGoXw==",
"dev": true,
"engines": {
"node": ">=10.0.0"
@@ -7036,11 +7013,10 @@
"license": "ISC"
},
"node_modules/brace-expansion": {
- "version": "2.0.2",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
- "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+ "version": "2.0.3",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.3.tgz",
+ "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0"
}
@@ -7441,9 +7417,9 @@
}
},
"node_modules/cheerio/node_modules/undici": {
- "version": "7.19.1",
- "resolved": "https://registry.npmjs.org/undici/-/undici-7.19.1.tgz",
- "integrity": "sha512-Gpq0iNm5M6cQWlyHQv9MV+uOj1jWk7LpkoE5vSp/7zjb4zMdAcUD+VL5y0nH4p9EbUklq00eVIIX/XcDHzu5xg==",
+ "version": "7.24.7",
+ "resolved": "https://registry.npmjs.org/undici/-/undici-7.24.7.tgz",
+ "integrity": "sha512-H/nlJ/h0ggGC+uRL3ovD+G0i4bqhvsDOpbDv7At5eFLlj2b41L8QliGbnl2H7SnDiYhENphh1tQFJZf+MyfLsQ==",
"dev": true,
"engines": {
"node": ">=20.18.1"
@@ -7730,7 +7706,6 @@
"resolved": "https://registry.npmjs.org/component-emitter/-/component-emitter-1.3.1.tgz",
"integrity": "sha512-T0+barUSQRTUQASh8bx02dl+DhF54GtIDY13Y3m9oWTklKbb3Wv974meRpeZ3lp1JpLVECWWNHC4vaG2XHXouQ==",
"dev": true,
- "license": "MIT",
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
@@ -7872,12 +7847,20 @@
"node": ">= 0.6"
}
},
+ "node_modules/cookie-signature": {
+ "version": "1.2.2",
+ "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.2.2.tgz",
+ "integrity": "sha512-D76uU73ulSXrD1UXF4KE2TMxVVwhsnCgfAyTg9k8P6KGZjlXKrOLe4dJQKI3Bxi5wjesZoFXJWElNWBjPZMbhg==",
+ "dev": true,
+ "engines": {
+ "node": ">=6.6.0"
+ }
+ },
"node_modules/cookiejar": {
"version": "2.1.4",
"resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.4.tgz",
"integrity": "sha512-LDx6oHrK+PhzLKJU9j5S7/Y3jM/mUHvD/DeI1WQmJn652iPC5Y4TBzC9l+5OMOXlyTTA+SmVUPm0HQUwpD5Jqw==",
- "dev": true,
- "license": "MIT"
+ "dev": true
},
"node_modules/core-js-compat": {
"version": "3.45.1",
@@ -8612,7 +8595,6 @@
"resolved": "https://registry.npmjs.org/dezalgo/-/dezalgo-1.0.4.tgz",
"integrity": "sha512-rXSP0bf+5n0Qonsb+SVVfNfIsimO4HEtmnIpPHY8Q1UCzKlQrDMfdobr8nJOOsRgWCyMRqeSBQzmWUMq7zvVig==",
"dev": true,
- "license": "ISC",
"dependencies": {
"asap": "^2.0.0",
"wrappy": "1"
@@ -8958,15 +8940,14 @@
}
},
"node_modules/editorconfig": {
- "version": "1.0.4",
- "resolved": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.4.tgz",
- "integrity": "sha512-L9Qe08KWTlqYMVvMcTIvMAdl1cDUubzRNYL+WfA4bLDMHe4nemKkpmYzkznE1FwLKu0EEmy6obgQKzMJrg4x9Q==",
+ "version": "1.0.7",
+ "resolved": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.7.tgz",
+ "integrity": "sha512-e0GOtq/aTQhVdNyDU9e02+wz9oDDM+SIOQxWME2QRjzRX5yyLAuHDE+0aE8vHb9XRC8XD37eO2u57+F09JqFhw==",
"dev": true,
- "license": "MIT",
"dependencies": {
"@one-ini/wasm": "0.1.1",
"commander": "^10.0.0",
- "minimatch": "9.0.1",
+ "minimatch": "^9.0.1",
"semver": "^7.5.3"
},
"bin": {
@@ -8986,22 +8967,6 @@
"node": ">=14"
}
},
- "node_modules/editorconfig/node_modules/minimatch": {
- "version": "9.0.1",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.1.tgz",
- "integrity": "sha512-0jWhJpD/MdhPXwPuiRkCbfYfSKp2qnn2eOc279qI7f+osl/l+prKSrvhg157zSYvx/1nmgn2NqdT6k2Z7zSH9w==",
- "dev": true,
- "license": "ISC",
- "dependencies": {
- "brace-expansion": "^2.0.1"
- },
- "engines": {
- "node": ">=16 || 14 >=14.17"
- },
- "funding": {
- "url": "https://github.com/sponsors/isaacs"
- }
- },
"node_modules/editorconfig/node_modules/semver": {
"version": "7.7.2",
"resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz",
@@ -10279,11 +10244,10 @@
}
},
"node_modules/eslint/node_modules/ajv": {
- "version": "6.12.6",
- "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
- "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
+ "version": "6.14.0",
+ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz",
+ "integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==",
"dev": true,
- "license": "MIT",
"dependencies": {
"fast-deep-equal": "^3.1.1",
"fast-json-stable-stringify": "^2.0.0",
@@ -10312,11 +10276,10 @@
}
},
"node_modules/eslint/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -10464,11 +10427,10 @@
}
},
"node_modules/eslint/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -11028,8 +10990,7 @@
"version": "2.1.1",
"resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz",
"integrity": "sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA==",
- "dev": true,
- "license": "MIT"
+ "dev": true
},
"node_modules/fast-uri": {
"version": "3.1.0",
@@ -11048,10 +11009,25 @@
],
"license": "BSD-3-Clause"
},
+ "node_modules/fast-xml-builder": {
+ "version": "1.1.4",
+ "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.1.4.tgz",
+ "integrity": "sha512-f2jhpN4Eccy0/Uz9csxh3Nu6q4ErKxf0XIsasomfOihuSUa3/xw6w8dnOtCDgEItQFJG8KyXPzQXzcODDrrbOg==",
+ "dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/NaturalIntelligence"
+ }
+ ],
+ "dependencies": {
+ "path-expression-matcher": "^1.1.3"
+ }
+ },
"node_modules/fast-xml-parser": {
- "version": "5.3.3",
- "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.3.3.tgz",
- "integrity": "sha512-2O3dkPAAC6JavuMm8+4+pgTk+5hoAs+CjZ+sWcQLkX9+/tHRuTkQh/Oaifr8qDmZ8iEHb771Ea6G8CdwkrgvYA==",
+ "version": "5.5.10",
+ "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.5.10.tgz",
+ "integrity": "sha512-go2J2xODMc32hT+4Xr/bBGXMaIoiCwrwp2mMtAvKyvEFW6S/v5Gn2pBmE4nvbwNjGhpcAiOwEv7R6/GZ6XRa9w==",
"dev": true,
"funding": [
{
@@ -11060,7 +11036,9 @@
}
],
"dependencies": {
- "strnum": "^2.1.0"
+ "fast-xml-builder": "^1.1.4",
+ "path-expression-matcher": "^1.2.1",
+ "strnum": "^2.2.2"
},
"bin": {
"fxparser": "src/cli/cli.js"
@@ -11156,9 +11134,9 @@
}
},
"node_modules/filelist/node_modules/minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
"dependencies": {
"brace-expansion": "^2.0.1"
@@ -11312,11 +11290,10 @@
}
},
"node_modules/flatted": {
- "version": "3.3.3",
- "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.3.tgz",
- "integrity": "sha512-GX+ysw4PBCz0PzosHDepZGANEuFCMLrnRTiEy9McGjmkCQYwRq4A/X786G/fjM/+OjsWSU1ZrY5qyARZmO/uwg==",
- "dev": true,
- "license": "ISC"
+ "version": "3.4.2",
+ "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.2.tgz",
+ "integrity": "sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==",
+ "dev": true
},
"node_modules/follow-redirects": {
"version": "1.15.11",
@@ -11380,11 +11357,10 @@
}
},
"node_modules/form-data": {
- "version": "4.0.4",
- "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.4.tgz",
- "integrity": "sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==",
+ "version": "4.0.5",
+ "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz",
+ "integrity": "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"asynckit": "^0.4.0",
"combined-stream": "^1.0.8",
@@ -11401,7 +11377,6 @@
"resolved": "https://registry.npmjs.org/formidable/-/formidable-3.5.4.tgz",
"integrity": "sha512-YikH+7CUTOtP44ZTnUhR7Ic2UASBPOqmaRkRKxRbywPTe5VxF7RRCck4af9wutiZ/QKM5nME9Bie2fFaPz5Gug==",
"dev": true,
- "license": "MIT",
"dependencies": {
"@paralleldrive/cuid2": "^2.2.2",
"dezalgo": "^1.0.4",
@@ -11815,11 +11790,10 @@
}
},
"node_modules/globule/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -12434,11 +12408,10 @@
}
},
"node_modules/grunt/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -13881,11 +13854,10 @@
}
},
"node_modules/jest-config/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -13977,11 +13949,10 @@
}
},
"node_modules/jest-config/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -15112,11 +15083,10 @@
}
},
"node_modules/jest-runtime/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -15228,11 +15198,10 @@
}
},
"node_modules/jest-runtime/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -15555,11 +15524,10 @@
}
},
"node_modules/jest-util/node_modules/picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=8.6"
},
@@ -15960,15 +15928,15 @@
}
},
"node_modules/jsdoc-wmf-theme": {
- "version": "1.1.0",
- "resolved": "https://registry.npmjs.org/jsdoc-wmf-theme/-/jsdoc-wmf-theme-1.1.0.tgz",
- "integrity": "sha512-0BQMgaSBmdGRVSiyAF7SMm1mTS59Y5vpPHAFFABcZRL15TIc5UyL88DtrrA1nuKL+jgTBsMgaeu8NDfNstC8RA==",
+ "version": "1.2.0",
+ "resolved": "https://registry.npmjs.org/jsdoc-wmf-theme/-/jsdoc-wmf-theme-1.2.0.tgz",
+ "integrity": "sha512-4eWBcH+3KrAg+qrTOJoNxWqLtra63TbCBXCxsaTvz4x5VsXN4e63/9S4dACX+8GLflcnAEZMp9IJK8RlMwMJ0g==",
"dev": true,
- "license": "Apache-2.0",
"dependencies": {
"@jsdoc/salty": "^0.2.8",
"@wikimedia/codex-design-tokens": "1.1.1",
"domino": "^2.1.6",
+ "jsdoc": "^4.0.5",
"jsdoc-class-hierarchy": "1.1.2",
"lunr": "2.3.9",
"marked": "^12.0.2",
@@ -16374,11 +16342,10 @@
}
},
"node_modules/karma/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -16484,11 +16451,10 @@
}
},
"node_modules/karma/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -16510,11 +16476,10 @@
}
},
"node_modules/karma/node_modules/picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=8.6"
},
@@ -16845,11 +16810,10 @@
}
},
"node_modules/lodash": {
- "version": "4.17.21",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
- "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
- "dev": true,
- "license": "MIT"
+ "version": "4.17.23",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
+ "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+ "dev": true
},
"node_modules/lodash.clonedeep": {
"version": "4.5.0",
@@ -17062,11 +17026,10 @@
}
},
"node_modules/markdown-it": {
- "version": "14.1.0",
- "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.0.tgz",
- "integrity": "sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==",
+ "version": "14.1.1",
+ "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.1.tgz",
+ "integrity": "sha512-BuU2qnTti9YKgK5N+IeMubp14ZUKUUw7yeJbkjtosvHiP0AZ5c8IAgEMk79D0eC8F23r4Ac/q8cAIFdm2FtyoA==",
"dev": true,
- "license": "MIT",
"dependencies": {
"argparse": "^2.0.1",
"entities": "^4.4.0",
@@ -17183,7 +17146,6 @@
"resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
"integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">= 0.6"
}
@@ -17203,11 +17165,10 @@
}
},
"node_modules/micromatch/node_modules/picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=8.6"
},
@@ -17272,13 +17233,12 @@
}
},
"node_modules/minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
- "license": "ISC",
"dependencies": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -17466,11 +17426,10 @@
"license": "MIT"
},
"node_modules/mocha/node_modules/diff": {
- "version": "5.2.0",
- "resolved": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz",
- "integrity": "sha512-uIFDxqpRZGZ6ThOk84hEfqWoHx2devRFvpTZcTHur85vImfaxUbTW9Ryh4CpCuDnToOP1CEtXKIgytHBPVff5A==",
+ "version": "5.2.2",
+ "resolved": "https://registry.npmjs.org/diff/-/diff-5.2.2.tgz",
+ "integrity": "sha512-vtcDfH3TOjP8UekytvnHH1o1P4FcUdt4eQ1Y+Abap1tk/OB2MWQvcwS2ClCd1zuIhc3JKOx6p3kod8Vfys3E+A==",
"dev": true,
- "license": "BSD-3-Clause",
"engines": {
"node": ">=0.3.1"
}
@@ -17603,11 +17562,10 @@
}
},
"node_modules/mocha/node_modules/minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^2.0.1"
},
@@ -17632,11 +17590,10 @@
}
},
"node_modules/mocha/node_modules/picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=8.6"
},
@@ -17775,22 +17732,20 @@
}
},
"node_modules/multimatch/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
}
},
"node_modules/multimatch/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -18465,6 +18420,21 @@
"node": ">=8"
}
},
+ "node_modules/path-expression-matcher": {
+ "version": "1.2.1",
+ "resolved": "https://registry.npmjs.org/path-expression-matcher/-/path-expression-matcher-1.2.1.tgz",
+ "integrity": "sha512-d7gQQmLvAKXKXE2GeP9apIGbMYKz88zWdsn/BN2HRWVQsDFdUY36WSLTY0Jvd4HWi7Fb30gQ62oAOzdgJA6fZw==",
+ "dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/NaturalIntelligence"
+ }
+ ],
+ "engines": {
+ "node": ">=14.0.0"
+ }
+ },
"node_modules/path-is-absolute": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
@@ -18591,11 +18561,10 @@
"license": "ISC"
},
"node_modules/picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=12"
},
@@ -19045,9 +19014,9 @@
}
},
"node_modules/qs": {
- "version": "6.14.1",
- "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz",
- "integrity": "sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==",
+ "version": "6.14.2",
+ "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
+ "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
"dev": true,
"dependencies": {
"side-channel": "^1.1.0"
@@ -19415,9 +19384,9 @@
}
},
"node_modules/readdir-glob/node_modules/minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
"dependencies": {
"brace-expansion": "^2.0.1"
@@ -19466,9 +19435,9 @@
}
},
"node_modules/recursive-readdir/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
"dependencies": {
"balanced-match": "^1.0.0",
@@ -19476,9 +19445,9 @@
}
},
"node_modules/recursive-readdir/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"dependencies": {
"brace-expansion": "^1.1.7"
@@ -19795,11 +19764,10 @@
}
},
"node_modules/rimraf/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -19828,11 +19796,10 @@
}
},
"node_modules/rimraf/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -19980,11 +19947,13 @@
"license": "MIT"
},
"node_modules/sax": {
- "version": "1.4.1",
- "resolved": "https://registry.npmjs.org/sax/-/sax-1.4.1.tgz",
- "integrity": "sha512-+aWOz7yVScEGoKNd4PA10LZ8sk0A/z5+nXQG5giUO5rprX9jgYsTdov9qCchZiPIZezbZH+jRut8nPodFAX4Jg==",
+ "version": "1.6.0",
+ "resolved": "https://registry.npmjs.org/sax/-/sax-1.6.0.tgz",
+ "integrity": "sha512-6R3J5M4AcbtLUdZmRv2SygeVaM7IhrLXu9BmnOGmmACak8fiUtOsYNWUS4uK7upbmHIBbLBeFeI//477BKLBzA==",
"dev": true,
- "license": "ISC"
+ "engines": {
+ "node": ">=11.0.0"
+ }
},
"node_modules/saxes": {
"version": "6.0.0",
@@ -20317,37 +20286,18 @@
}
},
"node_modules/socket.io-parser": {
- "version": "4.2.4",
- "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.2.4.tgz",
- "integrity": "sha512-/GbIKmo8ioc+NIWIhwdecY0ge+qVBSMdgxGygevmdHj24bsfgtCmcUUcQ5ZzcylGFHsN3k4HB4Cgkl96KVnuew==",
+ "version": "4.2.6",
+ "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.2.6.tgz",
+ "integrity": "sha512-asJqbVBDsBCJx0pTqw3WfesSY0iRX+2xzWEWzrpcH7L6fLzrhyF8WPI8UaeM4YCuDfpwA/cgsdugMsmtz8EJeg==",
"dev": true,
- "license": "MIT",
"dependencies": {
"@socket.io/component-emitter": "~3.1.0",
- "debug": "~4.3.1"
+ "debug": "~4.4.1"
},
"engines": {
"node": ">=10.0.0"
}
},
- "node_modules/socket.io-parser/node_modules/debug": {
- "version": "4.3.7",
- "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.7.tgz",
- "integrity": "sha512-Er2nc/H7RrMXZBFCEim6TCmMk02Z8vLC2Rbi1KEBggpo0fS6l0S1nnapwmIi3yW/+GOJap1Krg4w0Hg80oCqgQ==",
- "dev": true,
- "license": "MIT",
- "dependencies": {
- "ms": "^2.1.3"
- },
- "engines": {
- "node": ">=6.0"
- },
- "peerDependenciesMeta": {
- "supports-color": {
- "optional": true
- }
- }
- },
"node_modules/socket.io/node_modules/debug": {
"version": "4.3.7",
"resolved": "https://registry.npmjs.org/debug/-/debug-4.3.7.tgz",
@@ -20812,9 +20762,9 @@
}
},
"node_modules/strnum": {
- "version": "2.1.2",
- "resolved": "https://registry.npmjs.org/strnum/-/strnum-2.1.2.tgz",
- "integrity": "sha512-l63NF9y/cLROq/yqKXSLtcMeeyOfnSQlfMSlzFt/K73oIaD8DGaQWd7Z34X9GPiKqP5rbSh84Hl4bOlLcjiSrQ==",
+ "version": "2.2.2",
+ "resolved": "https://registry.npmjs.org/strnum/-/strnum-2.2.2.tgz",
+ "integrity": "sha512-DnR90I+jtXNSTXWdwrEy9FakW7UX+qUZg28gj5fk2vxxl7uS/3bpI4fjFYVmdK9etptYBPNkpahuQnEwhwECqA==",
"dev": true,
"funding": [
{
@@ -21413,37 +21363,34 @@
}
},
"node_modules/superagent": {
- "version": "9.0.2",
- "resolved": "https://registry.npmjs.org/superagent/-/superagent-9.0.2.tgz",
- "integrity": "sha512-xuW7dzkUpcJq7QnhOsnNUgtYp3xRwpt2F7abdRYIpCsAt0hhUqia0EdxyXZQQpNmGtsCzYHryaKSV3q3GJnq7w==",
- "deprecated": "Please upgrade to superagent v10.2.2+, see release notes at https://github.com/forwardemail/superagent/releases/tag/v10.2.2 - maintenance is supported by Forward Email @ https://forwardemail.net",
+ "version": "10.3.0",
+ "resolved": "https://registry.npmjs.org/superagent/-/superagent-10.3.0.tgz",
+ "integrity": "sha512-B+4Ik7ROgVKrQsXTV0Jwp2u+PXYLSlqtDAhYnkkD+zn3yg8s/zjA2MeGayPoY/KICrbitwneDHrjSotxKL+0XQ==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "component-emitter": "^1.3.0",
+ "component-emitter": "^1.3.1",
"cookiejar": "^2.1.4",
- "debug": "^4.3.4",
+ "debug": "^4.3.7",
"fast-safe-stringify": "^2.1.1",
- "form-data": "^4.0.0",
- "formidable": "^3.5.1",
+ "form-data": "^4.0.5",
+ "formidable": "^3.5.4",
"methods": "^1.1.2",
"mime": "2.6.0",
- "qs": "^6.11.0"
+ "qs": "^6.14.1"
},
"engines": {
"node": ">=14.18.0"
}
},
"node_modules/supertest": {
- "version": "7.1.0",
- "resolved": "https://registry.npmjs.org/supertest/-/supertest-7.1.0.tgz",
- "integrity": "sha512-5QeSO8hSrKghtcWEoPiO036fxH0Ii2wVQfFZSP0oqQhmjk8bOLhDFXr4JrvaFmPuEWUoq4znY3uSi8UzLKxGqw==",
- "deprecated": "Please upgrade to supertest v7.1.3+, see release notes at https://github.com/forwardemail/supertest/releases/tag/v7.1.3 - maintenance is supported by Forward Email @ https://forwardemail.net",
+ "version": "7.2.2",
+ "resolved": "https://registry.npmjs.org/supertest/-/supertest-7.2.2.tgz",
+ "integrity": "sha512-oK8WG9diS3DlhdUkcFn4tkNIiIbBx9lI2ClF8K+b2/m8Eyv47LSawxUzZQSNKUrVb2KsqeTDCcjAAVPYaSLVTA==",
"dev": true,
- "license": "MIT",
"dependencies": {
+ "cookie-signature": "^1.2.2",
"methods": "^1.1.2",
- "superagent": "^9.0.1"
+ "superagent": "^10.3.0"
},
"engines": {
"node": ">=14.18.0"
@@ -21522,19 +21469,18 @@
"dev": true
},
"node_modules/svgo": {
- "version": "3.3.2",
- "resolved": "https://registry.npmjs.org/svgo/-/svgo-3.3.2.tgz",
- "integrity": "sha512-OoohrmuUlBs8B8o6MB2Aevn+pRIH9zDALSR+6hhqVfa6fRwG/Qw9VUMSMW9VNg2CFc/MTIfabtdOVl9ODIJjpw==",
+ "version": "3.3.3",
+ "resolved": "https://registry.npmjs.org/svgo/-/svgo-3.3.3.tgz",
+ "integrity": "sha512-+wn7I4p7YgJhHs38k2TNjy1vCfPIfLIJWR5MnCStsN8WuuTcBnRKcMHQLMM2ijxGZmDoZwNv8ipl5aTTen62ng==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@trysound/sax": "0.2.0",
"commander": "^7.2.0",
"css-select": "^5.1.0",
"css-tree": "^2.3.1",
"css-what": "^6.1.0",
"csso": "^5.0.5",
- "picocolors": "^1.0.0"
+ "picocolors": "^1.0.0",
+ "sax": "^1.5.0"
},
"bin": {
"svgo": "bin/svgo"
@@ -21671,11 +21617,10 @@
}
},
"node_modules/test-exclude/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -21704,11 +21649,10 @@
}
},
"node_modules/test-exclude/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -22105,11 +22049,10 @@
}
},
"node_modules/underscore": {
- "version": "1.13.7",
- "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.13.7.tgz",
- "integrity": "sha512-GMXzWtsc57XAtguZgaQViUOzs0KTkk8ojr3/xAxXLITqf/3EMwxC0inyETfDFjH/Krbhuep0HNbbjI9i/q3F3g==",
- "dev": true,
- "license": "MIT"
+ "version": "1.13.8",
+ "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.13.8.tgz",
+ "integrity": "sha512-DXtD3ZtEQzc7M8m4cXotyHR+FAS18C64asBYY5vqZexfYryNNnDc02W4hKg3rdQuqOYas1jkseX0+nZXjTXnvQ==",
+ "dev": true
},
"node_modules/underscore.string": {
"version": "3.3.6",
@@ -22126,9 +22069,9 @@
}
},
"node_modules/undici": {
- "version": "6.23.0",
- "resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
- "integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
+ "version": "6.24.1",
+ "resolved": "https://registry.npmjs.org/undici/-/undici-6.24.1.tgz",
+ "integrity": "sha512-sC+b0tB1whOCzbtlx20fx3WgCXwkW627p4EA9uM+/tNNPkSS+eSEld6pAs9nDv7WbY1UUljBMYPtu9BCOrCWKA==",
"dev": true,
"engines": {
"node": ">=18.17"
@@ -22621,8 +22564,10 @@
}
},
"node_modules/wdio-mediawiki": {
- "resolved": "tests/selenium/wdio-mediawiki",
- "link": true
+ "version": "6.5.0",
+ "resolved": "file:tests/selenium/wdio-mediawiki",
+ "dev": true,
+ "license": "MIT"
},
"node_modules/webdriver": {
"version": "9.23.2",
@@ -23090,11 +23035,10 @@
"license": "ISC"
},
"node_modules/yaml": {
- "version": "2.8.2",
- "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.2.tgz",
- "integrity": "sha512-mplynKqc1C2hTVYxd0PU2xQAc22TI1vShAYGksCCfxbn/dFwnHTNi1bvYsBTkhdUNtGIf5xNOg938rrSSYvS9A==",
+ "version": "2.8.3",
+ "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz",
+ "integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==",
"dev": true,
- "license": "ISC",
"bin": {
"yaml": "bin.mjs"
},
@@ -23355,11 +23299,6 @@
"dependencies": {
"safe-buffer": "~5.2.0"
}
- },
- "tests/selenium/wdio-mediawiki": {
- "version": "6.5.0",
- "dev": true,
- "license": "MIT"
}
}
}
diff --git a/package.json b/package.json
index bbcbd75..d3fa8ee 100644
--- a/package.json
+++ b/package.json
@@ -26,7 +26,7 @@
"@wikimedia/codex": "2.4.0",
"@wikimedia/codex-icons": "2.4.0",
"@wikimedia/karma-firefox-launcher": "2.1.3",
- "api-testing": "1.7.1",
+ "api-testing": "1.7.3",
"chai-openapi-response-validator": "^0.14.2",
"domino": "2.1.0",
"dotenv": "8.2.0",
@@ -41,7 +41,7 @@
"jest-environment-jsdom": "29.7.0",
"jest-fetch-mock": "3.0.3",
"jsdoc": "4.0.5",
- "jsdoc-wmf-theme": "1.1.0",
+ "jsdoc-wmf-theme": "1.2.0",
"karma": "6.4.1",
"karma-chrome-launcher": "3.1.0",
"karma-mocha-reporter": "2.2.5",
@@ -49,7 +49,7 @@
"pinia": "2.0.16",
"qunit": "2.24.1",
"stylelint-config-wikimedia": "0.18.0",
- "svgo": "3.3.2",
+ "svgo": "3.3.3",
"vue": "3.5.13",
"wdio-mediawiki": "file:tests/selenium/wdio-mediawiki",
"xml2js": "^0.6.2"
--
2.47.3
$ date
--- stdout ---
Mon Apr 6 00:14:34 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-core.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
Updating files: 62% (7880/12542)
Updating files: 63% (7902/12542)
Updating files: 64% (8027/12542)
Updating files: 65% (8153/12542)
Updating files: 66% (8278/12542)
Updating files: 67% (8404/12542)
Updating files: 68% (8529/12542)
Updating files: 69% (8654/12542)
Updating files: 70% (8780/12542)
Updating files: 71% (8905/12542)
Updating files: 72% (9031/12542)
Updating files: 73% (9156/12542)
Updating files: 74% (9282/12542)
Updating files: 75% (9407/12542)
Updating files: 76% (9532/12542)
Updating files: 77% (9658/12542)
Updating files: 78% (9783/12542)
Updating files: 79% (9909/12542)
Updating files: 80% (10034/12542)
Updating files: 81% (10160/12542)
Updating files: 82% (10285/12542)
Updating files: 83% (10410/12542)
Updating files: 84% (10536/12542)
Updating files: 85% (10661/12542)
Updating files: 86% (10787/12542)
Updating files: 87% (10912/12542)
Updating files: 88% (11037/12542)
Updating files: 89% (11163/12542)
Updating files: 90% (11288/12542)
Updating files: 91% (11414/12542)
Updating files: 92% (11539/12542)
Updating files: 93% (11665/12542)
Updating files: 94% (11790/12542)
Updating files: 95% (11915/12542)
Updating files: 96% (12041/12542)
Updating files: 97% (12166/12542)
Updating files: 98% (12292/12542)
Updating files: 99% (12417/12542)
Updating files: 100% (12542/12542)
Updating files: 100% (12542/12542), done.
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
6c59a1a3605af6251fa618d5dbd4e187f68409a5 refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@tootallnate/once": {
"name": "@tootallnate/once",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113977,
"name": "@tootallnate/once",
"dependency": "@tootallnate/once",
"title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
"severity": "low",
"cwe": [
"CWE-705"
],
"cvss": {
"score": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<3.0.1"
}
],
"effects": [
"http-proxy-agent"
],
"range": "<3.0.1",
"nodes": [
"node_modules/@tootallnate/once"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "high",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": ">=6.1.19",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"ajv": {
"name": "ajv",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113714,
"name": "ajv",
"dependency": "ajv",
"title": "ajv has ReDoS when using `$data` option",
"url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<6.14.0"
},
{
"source": 1113715,
"name": "ajv",
"dependency": "ajv",
"title": "ajv has ReDoS when using `$data` option",
"url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=7.0.0-alpha.0 <8.18.0"
}
],
"effects": [],
"range": "<6.14.0 || >=7.0.0-alpha.0 <8.18.0",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/ajv",
"node_modules/ajv",
"node_modules/eslint/node_modules/ajv"
],
"fixAvailable": true
},
"axios": {
"name": "axios",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1097679,
"name": "axios",
"dependency": "axios",
"title": "Axios Cross-Site Request Forgery Vulnerability",
"url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
"severity": "moderate",
"cwe": [
"CWE-352"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
},
"range": ">=0.8.1 <0.28.0"
},
{
"source": 1111034,
"name": "axios",
"dependency": "axios",
"title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
"url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<0.30.0"
},
{
"source": 1113274,
"name": "axios",
"dependency": "axios",
"title": "Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig",
"url": "https://github.com/advisories/GHSA-43fc-jf86-j433",
"severity": "high",
"cwe": [
"CWE-754"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<=0.30.2"
}
],
"effects": [
"openapi-validator"
],
"range": "<=0.30.2",
"nodes": [
"node_modules/axios"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"basic-ftp": {
"name": "basic-ftp",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1113518,
"name": "basic-ftp",
"dependency": "basic-ftp",
"title": "Basic FTP has Path Traversal Vulnerability in its downloadToDir() method",
"url": "https://github.com/advisories/GHSA-5rq4-664w-9x2c",
"severity": "critical",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": "<5.2.0"
}
],
"effects": [],
"range": "<5.2.0",
"nodes": [
"node_modules/basic-ftp"
],
"fixAvailable": true
},
"brace-expansion": {
"name": "brace-expansion",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115540,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<1.1.13"
},
{
"source": 1115541,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": ">=2.0.0 <2.0.3"
}
],
"effects": [],
"range": "<1.1.13 || >=2.0.0 <2.0.3",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/brace-expansion",
"node_modules/@humanwhocodes/config-array/node_modules/brace-expansion",
"node_modules/@jest/reporters/node_modules/brace-expansion",
"node_modules/brace-expansion",
"node_modules/eslint/node_modules/brace-expansion",
"node_modules/globule/node_modules/brace-expansion",
"node_modules/grunt/node_modules/brace-expansion",
"node_modules/jest-config/node_modules/brace-expansion",
"node_modules/jest-runtime/node_modules/brace-expansion",
"node_modules/karma/node_modules/brace-expansion",
"node_modules/multimatch/node_modules/brace-expansion",
"node_modules/recursive-readdir/node_modules/brace-expansion",
"node_modules/rimraf/node_modules/brace-expansion",
"node_modules/test-exclude/node_modules/brace-expansion"
],
"fixAvailable": true
},
"chai-openapi-response-validator": {
"name": "chai-openapi-response-validator",
"severity": "high",
"isDirect": true,
"via": [
"openapi-validator"
],
"effects": [],
"range": "0.11.2 || >=0.14.2-alpha.0",
"nodes": [
"node_modules/chai-openapi-response-validator"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"diff": {
"name": "diff",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1112705,
"name": "diff",
"dependency": "diff",
"title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
"url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx",
"severity": "low",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.2.2"
}
],
"effects": [],
"range": "5.0.0 - 5.2.1",
"nodes": [
"node_modules/mocha/node_modules/diff"
],
"fixAvailable": true
},
"editorconfig": {
"name": "editorconfig",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [],
"range": "1.0.3 - 1.0.4 || 2.0.0",
"nodes": [
"node_modules/editorconfig"
],
"fixAvailable": true
},
"fast-xml-parser": {
"name": "fast-xml-parser",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1113153,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has RangeError DoS Numeric Entities Bug",
"url": "https://github.com/advisories/GHSA-37qj-frw5-hhjh",
"severity": "high",
"cwe": [
"CWE-20",
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.9 <=5.3.3"
},
{
"source": 1113568,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names",
"url": "https://github.com/advisories/GHSA-m7jm-9gc2-mpf2",
"severity": "critical",
"cwe": [
"CWE-185"
],
"cvss": {
"score": 9.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N"
},
"range": ">=5.0.0 <5.3.5"
},
{
"source": 1113569,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)",
"url": "https://github.com/advisories/GHSA-jmr7-xgp7-cmfj",
"severity": "high",
"cwe": [
"CWE-776"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.3.6"
},
{
"source": 1114153,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder",
"url": "https://github.com/advisories/GHSA-fj3w-jwp8-x2g3",
"severity": "low",
"cwe": [
"CWE-120"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.3.8"
},
{
"source": 1115339,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits (incomplete fix for CVE-2026-26278)",
"url": "https://github.com/advisories/GHSA-8gc5-j5rx-235r",
"severity": "high",
"cwe": [
"CWE-776"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.5.6"
},
{
"source": 1115359,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser",
"url": "https://github.com/advisories/GHSA-jp2q-39xq-3w4g",
"severity": "moderate",
"cwe": [
"CWE-1284"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0-beta.3 <=5.5.6"
}
],
"effects": [],
"range": "4.0.0-beta.3 - 5.5.6",
"nodes": [
"node_modules/fast-xml-parser"
],
"fixAvailable": true
},
"flatted": {
"name": "flatted",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114526,
"name": "flatted",
"dependency": "flatted",
"title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f",
"severity": "high",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.4.0"
},
{
"source": 1115357,
"name": "flatted",
"dependency": "flatted",
"title": "Prototype Pollution via parse() in NodeJS flatted",
"url": "https://github.com/advisories/GHSA-rf6f-7fwh-wjgh",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=3.4.1"
}
],
"effects": [],
"range": "<=3.4.1",
"nodes": [
"node_modules/flatted"
],
"fixAvailable": true
},
"gaze": {
"name": "gaze",
"severity": "high",
"isDirect": false,
"via": [
"globule"
],
"effects": [
"grunt-contrib-watch"
],
"range": ">=0.4.0",
"nodes": [
"node_modules/gaze"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"globule": {
"name": "globule",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"gaze"
],
"range": "*",
"nodes": [
"node_modules/globule"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [
"grunt-eslint",
"grunt-karma"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"grunt-contrib-watch": {
"name": "grunt-contrib-watch",
"severity": "high",
"isDirect": true,
"via": [
"gaze"
],
"effects": [],
"range": ">=0.5.0",
"nodes": [
"node_modules/grunt-contrib-watch"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"grunt-karma": {
"name": "grunt-karma",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/grunt-karma"
],
"fixAvailable": false
},
"http-proxy-agent": {
"name": "http-proxy-agent",
"severity": "low",
"isDirect": false,
"via": [
"@tootallnate/once"
],
"effects": [
"jsdom"
],
"range": "4.0.1 - 5.0.0",
"nodes": [
"node_modules/jsdom/node_modules/http-proxy-agent"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"jest-environment-jsdom": {
"name": "jest-environment-jsdom",
"severity": "low",
"isDirect": true,
"via": [
"jsdom"
],
"effects": [],
"range": "27.0.1 - 30.0.0-rc.1",
"nodes": [
"node_modules/jest-environment-jsdom"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"jsdom": {
"name": "jsdom",
"severity": "low",
"isDirect": false,
"via": [
"http-proxy-agent"
],
"effects": [
"jest-environment-jsdom"
],
"range": "16.6.0 - 22.1.0",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"lodash": {
"name": "lodash",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1112455,
"name": "lodash",
"dependency": "lodash",
"title": "Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"url": "https://github.com/advisories/GHSA-xxjr-mmjv-4gpg",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": ">=4.0.0 <=4.17.22"
},
{
"source": 1115806,
"name": "lodash",
"dependency": "lodash",
"title": "lodash vulnerable to Code Injection via `_.template` imports key names",
"url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc",
"severity": "high",
"cwe": [
"CWE-94"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=4.0.0 <=4.17.23"
},
{
"source": 1115810,
"name": "lodash",
"dependency": "lodash",
"title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`",
"url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<=4.17.23"
}
],
"effects": [],
"range": "<=4.17.23",
"nodes": [
"node_modules/lodash"
],
"fixAvailable": true
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113190,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "markdown-it is has a Regular Expression Denial of Service (ReDoS)",
"url": "https://github.com/advisories/GHSA-38c4-r59v-3vqw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=13.0.0 <14.1.1"
}
],
"effects": [],
"range": "13.0.0 - 14.1.0",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": true
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113461,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.1.7"
},
{
"source": 1113465,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=9.0.0 <9.0.6"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113540,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113544,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
{
"source": 1113548,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113552,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
}
],
"effects": [
"editorconfig",
"globule",
"grunt"
],
"range": "<=3.1.3 || 5.0.0 - 5.1.7 || 9.0.0 - 9.0.6",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/minimatch",
"node_modules/@humanwhocodes/config-array/node_modules/minimatch",
"node_modules/@jest/reporters/node_modules/minimatch",
"node_modules/editorconfig/node_modules/minimatch",
"node_modules/eslint/node_modules/minimatch",
"node_modules/filelist/node_modules/minimatch",
"node_modules/globule/node_modules/minimatch",
"node_modules/grunt/node_modules/minimatch",
"node_modules/jest-config/node_modules/minimatch",
"node_modules/jest-runtime/node_modules/minimatch",
"node_modules/karma/node_modules/minimatch",
"node_modules/minimatch",
"node_modules/mocha/node_modules/minimatch",
"node_modules/multimatch/node_modules/minimatch",
"node_modules/readdir-glob/node_modules/minimatch",
"node_modules/recursive-readdir/node_modules/minimatch",
"node_modules/rimraf/node_modules/minimatch",
"node_modules/test-exclude/node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": false,
"via": [
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "8.0.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"openapi-validator": {
"name": "openapi-validator",
"severity": "high",
"isDirect": false,
"via": [
"axios"
],
"effects": [
"chai-openapi-response-validator"
],
"range": ">=0.14.2-alpha.0",
"nodes": [
"node_modules/openapi-validator"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"picomatch": {
"name": "picomatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115549,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<2.3.2"
},
{
"source": 1115551,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.0.4"
},
{
"source": 1115552,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.3.2"
},
{
"source": 1115554,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <4.0.4"
}
],
"effects": [],
"range": "<=2.3.1 || 4.0.0 - 4.0.3",
"nodes": [
"node_modules/anymatch/node_modules/picomatch",
"node_modules/jest-util/node_modules/picomatch",
"node_modules/karma/node_modules/picomatch",
"node_modules/micromatch/node_modules/picomatch",
"node_modules/mocha/node_modules/picomatch",
"node_modules/picomatch"
],
"fixAvailable": true
},
"qs": {
"name": "qs",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113161,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in comma parsing allows denial of service",
"url": "https://github.com/advisories/GHSA-w7fw-mjwx-w883",
"severity": "low",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=6.7.0 <=6.14.1"
}
],
"effects": [],
"range": "6.7.0 - 6.14.1",
"nodes": [
"node_modules/qs"
],
"fixAvailable": true
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
},
{
"source": 1115723,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
"url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-834"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<7.0.5"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.4",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"socket.io-parser": {
"name": "socket.io-parser",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115154,
"name": "socket.io-parser",
"dependency": "socket.io-parser",
"title": "socket.io allows an unbounded number of binary attachments",
"url": "https://github.com/advisories/GHSA-677m-j7p3-52f9",
"severity": "high",
"cwe": [
"CWE-754"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=4.0.0 <4.2.6"
}
],
"effects": [],
"range": "4.0.0 - 4.2.5",
"nodes": [
"node_modules/socket.io-parser"
],
"fixAvailable": true
},
"svgo": {
"name": "svgo",
"severity": "high",
"isDirect": true,
"via": [
{
"source": 1114151,
"name": "svgo",
"dependency": "svgo",
"title": "SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)",
"url": "https://github.com/advisories/GHSA-xpqw-6gx7-v673",
"severity": "high",
"cwe": [
"CWE-776"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=3.0.0 <3.3.3"
}
],
"effects": [],
"range": "3.0.0 - 3.3.2",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": {
"name": "svgo",
"version": "3.3.3",
"isSemVerMajor": false
}
},
"underscore": {
"name": "underscore",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113950,
"name": "underscore",
"dependency": "underscore",
"title": "Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack",
"url": "https://github.com/advisories/GHSA-qpx9-hpmf-5gmw",
"severity": "high",
"cwe": [
"CWE-674",
"CWE-770"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=1.13.7"
}
],
"effects": [],
"range": "<=1.13.7",
"nodes": [
"node_modules/underscore"
],
"fixAvailable": true
},
"undici": {
"name": "undici",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114591,
"name": "undici",
"dependency": "undici",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj",
"severity": "high",
"cwe": [
"CWE-248",
"CWE-1284"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114592,
"name": "undici",
"dependency": "undici",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj",
"severity": "high",
"cwe": [
"CWE-248",
"CWE-1284"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.0.0 <6.24.0"
},
{
"source": 1114593,
"name": "undici",
"dependency": "undici",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm",
"severity": "moderate",
"cwe": [
"CWE-444"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114594,
"name": "undici",
"dependency": "undici",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm",
"severity": "moderate",
"cwe": [
"CWE-444"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<6.24.0"
},
{
"source": 1114637,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q",
"severity": "high",
"cwe": [
"CWE-409"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114638,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q",
"severity": "high",
"cwe": [
"CWE-409"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.24.0"
},
{
"source": 1114639,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8",
"severity": "high",
"cwe": [
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114640,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8",
"severity": "high",
"cwe": [
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.24.0"
},
{
"source": 1114641,
"name": "undici",
"dependency": "undici",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq",
"severity": "moderate",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 4.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114642,
"name": "undici",
"dependency": "undici",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq",
"severity": "moderate",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 4.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
"range": "<6.24.0"
},
{
"source": 1114643,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
"url": "https://github.com/advisories/GHSA-phc3-fgpg-7m6h",
"severity": "moderate",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.17.0 <7.24.0"
}
],
"effects": [],
"range": "<=6.23.0 || 7.0.0 - 7.23.0",
"nodes": [
"node_modules/cheerio/node_modules/undici",
"node_modules/undici"
],
"fixAvailable": true
},
"yaml": {
"name": "yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115556,
"name": "yaml",
"dependency": "yaml",
"title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp",
"severity": "moderate",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0 <2.8.3"
}
],
"effects": [],
"range": "2.0.0 - 2.8.2",
"nodes": [
"node_modules/yaml"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 6,
"moderate": 4,
"high": 21,
"critical": 2,
"total": 33
},
"dependencies": {
"prod": 1,
"dev": 1745,
"optional": 38,
"peer": 2,
"peerOptional": 0,
"total": 1745
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
> MediaWiki\Composer\VersionChecker::onEvent
Loading composer repositories with package information
Updating dependencies
Lock file operations: 139 installs, 0 updates, 0 removals
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.4)
- Locking composer/spdx-licenses (1.5.9)
- Locking composer/xdebug-handler (3.0.5)
- Locking danog/advanced-json-rpc (v3.2.3)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
- Locking doctrine/dbal (3.10.5)
- Locking doctrine/deprecations (1.1.6)
- Locking doctrine/event-manager (2.1.1)
- Locking doctrine/instantiator (2.1.0)
- Locking doctrine/sql-formatter (1.5.4)
- Locking ergebnis/phpunit-slow-test-detector (2.24.0)
- Locking giorgiosironi/eris (0.14.1)
- Locking guzzlehttp/guzzle (7.10.0)
- Locking guzzlehttp/promises (2.3.0)
- Locking guzzlehttp/psr7 (2.9.0)
- Locking hamcrest/hamcrest-php (v2.1.1)
- Locking justinrainbow/json-schema (5.3.2)
- Locking lcobucci/jwt (5.6.0)
- Locking liuggio/statsd-php-client (v1.0.18)
- Locking mck89/peast (v1.17.5)
- Locking mediawiki/mediawiki-codesniffer (v50.0.0)
- Locking mediawiki/mediawiki-phan-config (0.20.0)
- Locking mediawiki/minus-x (2.0.1)
- Locking mediawiki/phan-taint-check-plugin (9.1.0)
- Locking monolog/monolog (2.11.0)
- Locking myclabs/deep-copy (1.13.4)
- Locking netresearch/jsonmapper (v5.0.1)
- Locking nikic/php-parser (v5.7.0)
- Locking okvpn/clock-lts (1.0.0)
- Locking oojs/oojs-ui (v0.53.1)
- Locking pear/console_getopt (v1.4.3)
- Locking pear/mail (v2.0.0)
- Locking pear/mail_mime (1.10.12)
- Locking pear/net_smtp (1.12.2)
- Locking pear/net_socket (v1.2.2)
- Locking pear/net_url2 (v2.2.3)
- Locking pear/pear-core-minimal (v1.10.18)
- Locking pear/pear_exception (v1.0.2)
- Locking phan/phan (6.0.2)
- Locking phan/tolerant-php-parser (v0.2.0)
- Locking phan/var_representation_polyfill (0.1.4)
- Locking phar-io/manifest (2.0.4)
- Locking phar-io/version (3.2.1)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.4.0)
- Locking phpcsstandards/phpcsutils (1.2.2)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (6.0.3)
- Locking phpdocumentor/type-resolver (2.0.0)
- Locking phpstan/phpdoc-parser (2.3.2)
- Locking phpunit/php-code-coverage (9.2.32)
- Locking phpunit/php-file-iterator (3.0.6)
- Locking phpunit/php-invoker (3.1.1)
- Locking phpunit/php-text-template (2.0.4)
- Locking phpunit/php-timer (5.0.3)
- Locking phpunit/phpunit (9.6.34)
- Locking psr/cache (3.0.0)
- Locking psr/clock (1.0.0)
- Locking psr/container (2.0.2)
- Locking psr/http-client (1.0.3)
- Locking psr/http-factory (1.1.0)
- Locking psr/http-message (2.0)
- Locking psr/log (1.1.4)
- Locking psy/psysh (v0.12.22)
- Locking ralouphie/getallheaders (3.0.3)
- Locking sabre/event (6.0.1)
- Locking sebastian/cli-parser (1.0.2)
- Locking sebastian/code-unit (1.0.8)
- Locking sebastian/code-unit-reverse-lookup (2.0.3)
- Locking sebastian/comparator (4.0.10)
- Locking sebastian/complexity (2.0.3)
- Locking sebastian/diff (4.0.6)
- Locking sebastian/environment (5.1.5)
- Locking sebastian/exporter (4.0.8)
- Locking sebastian/global-state (5.0.8)
- Locking sebastian/lines-of-code (1.0.4)
- Locking sebastian/object-enumerator (4.0.4)
- Locking sebastian/object-reflector (2.0.4)
- Locking sebastian/recursion-context (4.0.6)
- Locking sebastian/resource-operations (3.0.4)
- Locking sebastian/type (3.2.1)
- Locking sebastian/version (3.0.2)
- Locking seld/jsonlint (1.11.0)
- Locking squizlabs/php_codesniffer (3.13.5)
- Locking symfony/console (v7.4.8)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/polyfill-php83 (v1.33.0)
- Locking symfony/polyfill-php84 (v1.33.0)
- Locking symfony/polyfill-php85 (v1.33.0)
- Locking symfony/service-contracts (v3.6.1)
- Locking symfony/string (v7.3.8)
- Locking symfony/var-dumper (v8.0.8)
- Locking symfony/yaml (v7.4.6)
- Locking theseer/tokenizer (1.3.1)
- Locking webmozart/assert (2.1.6)
- Locking wikimedia/alea (1.0.1)
- Locking wikimedia/assert (v0.5.1)
- Locking wikimedia/at-ease (v3.0.0)
- Locking wikimedia/base-convert (v2.0.2)
- Locking wikimedia/bcp-47-code (v2.0.3)
- Locking wikimedia/cdb (3.0.0)
- Locking wikimedia/cldr-plural-rule-parser (v3.0.0)
- Locking wikimedia/codex (v0.7.1)
- Locking wikimedia/common-passwords (v0.5.1)
- Locking wikimedia/composer-merge-plugin (v2.1.0)
- Locking wikimedia/css-sanitizer (v6.2.1)
- Locking wikimedia/cssjanus (v2.3.0)
- Locking wikimedia/html-formatter (4.1.0)
- Locking wikimedia/idle-dom (v2.1.1)
- Locking wikimedia/ip-utils (6.0.1)
- Locking wikimedia/json-codec (v4.0.0)
- Locking wikimedia/langconv (0.5.0)
- Locking wikimedia/less.php (v5.5.1)
- Locking wikimedia/minify (2.10.0)
- Locking wikimedia/normalized-exception (v2.1.1)
- Locking wikimedia/object-factory (v6.0.0)
- Locking wikimedia/parsoid (v0.23.0-a24)
- Locking wikimedia/php-session-serializer (v3.0.2)
- Locking wikimedia/purtle (v2.0.0)
- Locking wikimedia/relpath (4.1.1)
- Locking wikimedia/remex-html (6.0.0)
- Locking wikimedia/request-timeout (v3.0.0)
- Locking wikimedia/running-stat (v2.2.0)
- Locking wikimedia/scoped-callback (v5.0.0)
- Locking wikimedia/services (4.0.0)
- Locking wikimedia/shellbox (4.4.0)
- Locking wikimedia/testing-access-wrapper (4.0.0)
- Locking wikimedia/timestamp (v5.1.0)
- Locking wikimedia/utfnormal (4.0.0)
- Locking wikimedia/wait-condition-loop (v2.0.2)
- Locking wikimedia/wikipeg (6.1.1)
- Locking wikimedia/wrappedstring (v4.1.0)
- Locking wikimedia/xmp-reader (0.10.2)
- Locking wikimedia/zest-css (4.1.1)
- Locking wmde/hamcrest-html-matchers (v1.1.0)
- Locking zordius/lightncandy (v1.2.6)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 139 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing wikimedia/composer-merge-plugin (v2.1.0): Extracting archive
- Installing squizlabs/php_codesniffer (3.13.5): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.0): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing psr/log (1.1.4): Extracting archive
- Installing psr/cache (3.0.0): Extracting archive
- Installing doctrine/event-manager (2.1.1): Extracting archive
- Installing doctrine/deprecations (1.1.6): Extracting archive
- Installing doctrine/dbal (3.10.5): Extracting archive
- Installing doctrine/sql-formatter (1.5.4): Extracting archive
- Installing sebastian/version (3.0.2): Extracting archive
- Installing sebastian/type (3.2.1): Extracting archive
- Installing sebastian/resource-operations (3.0.4): Extracting archive
- Installing sebastian/recursion-context (4.0.6): Extracting archive
- Installing sebastian/object-reflector (2.0.4): Extracting archive
- Installing sebastian/object-enumerator (4.0.4): Extracting archive
- Installing sebastian/global-state (5.0.8): Extracting archive
- Installing sebastian/exporter (4.0.8): Extracting archive
- Installing sebastian/environment (5.1.5): Extracting archive
- Installing sebastian/diff (4.0.6): Extracting archive
- Installing sebastian/comparator (4.0.10): Extracting archive
- Installing sebastian/code-unit (1.0.8): Extracting archive
- Installing sebastian/cli-parser (1.0.2): Extracting archive
- Installing phpunit/php-timer (5.0.3): Extracting archive
- Installing phpunit/php-text-template (2.0.4): Extracting archive
- Installing phpunit/php-invoker (3.1.1): Extracting archive
- Installing phpunit/php-file-iterator (3.0.6): Extracting archive
- Installing theseer/tokenizer (1.3.1): Extracting archive
- Installing nikic/php-parser (v5.7.0): Extracting archive
- Installing sebastian/lines-of-code (1.0.4): Extracting archive
- Installing sebastian/complexity (2.0.3): Extracting archive
- Installing sebastian/code-unit-reverse-lookup (2.0.3): Extracting archive
- Installing phpunit/php-code-coverage (9.2.32): Extracting archive
- Installing phar-io/version (3.2.1): Extracting archive
- Installing phar-io/manifest (2.0.4): Extracting archive
- Installing myclabs/deep-copy (1.13.4): Extracting archive
- Installing doctrine/instantiator (2.1.0): Extracting archive
- Installing phpunit/phpunit (9.6.34): Extracting archive
- Installing ergebnis/phpunit-slow-test-detector (2.24.0): Extracting archive
- Installing giorgiosironi/eris (0.14.1): Extracting archive
- Installing guzzlehttp/promises (2.3.0): Extracting archive
- Installing psr/clock (1.0.0): Extracting archive
- Installing lcobucci/jwt (5.6.0): Extracting archive
- Installing mck89/peast (v1.17.5): Extracting archive
- Installing phpcsstandards/phpcsutils (1.2.2): Extracting archive
- Installing phpcsstandards/phpcsextra (1.4.0): Extracting archive
- Installing composer/spdx-licenses (1.5.9): Extracting archive
- Installing composer/semver (3.4.4): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v50.0.0): Extracting archive
- Installing symfony/string (v7.3.8): Extracting archive
- Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.6.1): Extracting archive
- Installing symfony/console (v7.4.8): Extracting archive
- Installing sabre/event (6.0.1): Extracting archive
- Installing phan/var_representation_polyfill (0.1.4): Extracting archive
- Installing phan/tolerant-php-parser (v0.2.0): Extracting archive
- Installing netresearch/jsonmapper (v5.0.1): Extracting archive
- Installing webmozart/assert (2.1.6): Extracting archive
- Installing phpstan/phpdoc-parser (2.3.2): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing phpdocumentor/type-resolver (2.0.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (6.0.3): Extracting archive
- Installing danog/advanced-json-rpc (v3.2.3): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (6.0.2): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (9.1.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.20.0): Extracting archive
- Installing mediawiki/minus-x (2.0.1): Extracting archive
- Installing okvpn/clock-lts (1.0.0): Extracting archive
- Installing oojs/oojs-ui (v0.53.1): Extracting archive
- Installing pear/pear_exception (v1.0.2): Extracting archive
- Installing pear/console_getopt (v1.4.3): Extracting archive
- Installing pear/pear-core-minimal (v1.10.18): Extracting archive
- Installing pear/mail (v2.0.0): Extracting archive
- Installing pear/mail_mime (1.10.12): Extracting archive
- Installing pear/net_socket (v1.2.2): Extracting archive
- Installing pear/net_smtp (1.12.2): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
- Installing psr/http-message (2.0): Extracting archive
- Installing psr/http-client (1.0.3): Extracting archive
- Installing psr/http-factory (1.1.0): Extracting archive
- Installing symfony/var-dumper (v8.0.8): Extracting archive
- Installing psy/psysh (v0.12.22): Extracting archive
- Installing ralouphie/getallheaders (3.0.3): Extracting archive
- Installing seld/jsonlint (1.11.0): Extracting archive
- Installing symfony/yaml (v7.4.6): Extracting archive
- Installing wikimedia/alea (1.0.1): Extracting archive
- Installing wikimedia/at-ease (v3.0.0): Extracting archive
- Installing wikimedia/cdb (3.0.0): Extracting archive
- Installing wikimedia/cldr-plural-rule-parser (v3.0.0): Extracting archive
- Installing zordius/lightncandy (v1.2.6): Extracting archive
- Installing wikimedia/scoped-callback (v5.0.0): Extracting archive
- Installing wikimedia/services (4.0.0): Extracting archive
- Installing guzzlehttp/psr7 (2.9.0): Extracting archive
- Installing wikimedia/codex (v0.7.1): Extracting archive
- Installing wikimedia/common-passwords (v0.5.1): Extracting archive
- Installing wikimedia/utfnormal (4.0.0): Extracting archive
- Installing wikimedia/css-sanitizer (v6.2.1): Extracting archive
- Installing wikimedia/cssjanus (v2.3.0): Extracting archive
- Installing wikimedia/html-formatter (4.1.0): Extracting archive
- Installing wikimedia/assert (v0.5.1): Extracting archive
- Installing wikimedia/langconv (0.5.0): Extracting archive
- Installing wikimedia/less.php (v5.5.1): Extracting archive
- Installing pear/net_url2 (v2.2.3): Extracting archive
- Installing wikimedia/minify (2.10.0): Extracting archive
- Installing wikimedia/zest-css (4.1.1): Extracting archive
- Installing wikimedia/wikipeg (6.1.1): Extracting archive
- Installing wikimedia/remex-html (6.0.0): Extracting archive
- Installing wikimedia/object-factory (v6.0.0): Extracting archive
- Installing wikimedia/json-codec (v4.0.0): Extracting archive
- Installing wikimedia/base-convert (v2.0.2): Extracting archive
- Installing wikimedia/ip-utils (6.0.1): Extracting archive
- Installing wikimedia/idle-dom (v2.1.1): Extracting archive
- Installing wikimedia/bcp-47-code (v2.0.3): Extracting archive
- Installing symfony/polyfill-php85 (v1.33.0): Extracting archive
- Installing symfony/polyfill-php84 (v1.33.0): Extracting archive
- Installing symfony/polyfill-php83 (v1.33.0): Extracting archive
- Installing liuggio/statsd-php-client (v1.0.18): Extracting archive
- Installing justinrainbow/json-schema (5.3.2): Extracting archive
- Installing wikimedia/parsoid (v0.23.0-a24): Extracting archive
- Installing wikimedia/php-session-serializer (v3.0.2): Extracting archive
- Installing wikimedia/purtle (v2.0.0): Extracting archive
- Installing wikimedia/relpath (4.1.1): Extracting archive
- Installing wikimedia/normalized-exception (v2.1.1): Extracting archive
- Installing wikimedia/request-timeout (v3.0.0): Extracting archive
- Installing wikimedia/running-stat (v2.2.0): Extracting archive
- Installing monolog/monolog (2.11.0): Extracting archive
- Installing guzzlehttp/guzzle (7.10.0): Extracting archive
- Installing wikimedia/shellbox (4.4.0): Extracting archive
- Installing wikimedia/testing-access-wrapper (4.0.0): Extracting archive
- Installing wikimedia/wait-condition-loop (v2.0.2): Extracting archive
- Installing wikimedia/wrappedstring (v4.1.0): Extracting archive
- Installing wikimedia/timestamp (v5.1.0): Extracting archive
- Installing wikimedia/xmp-reader (0.10.2): Extracting archive
- Installing hamcrest/hamcrest-php (v2.1.1): Extracting archive
- Installing wmde/hamcrest-html-matchers (v1.1.0): Extracting archive
0/136 [>---------------------------] 0%
28/136 [=====>----------------------] 20%
59/136 [============>---------------] 43%
68/136 [==============>-------------] 50%
88/136 [==================>---------] 64%
98/136 [====================>-------] 72%
110/136 [======================>-----] 80%
126/136 [=========================>--] 92%
136/136 [============================] 100%
27 package suggestions were added by new dependencies, use `composer suggest` to see details.
Package pear/net_socket is abandoned, you should avoid using it. No replacement was suggested.
Generating optimized autoload files
51 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
> MediaWiki\Composer\ComposerVendorHtaccessCreator::onEvent
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
Upgrading n:api-testing from 1.7.1 -> 1.7.3
Upgrading n:jsdoc-wmf-theme from 1.1.0 -> 1.2.0
$ /usr/bin/npm install
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.4.0',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.4.0',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated osenv@0.1.5: This package is no longer supported.
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated whatwg-encoding@3.1.1: Use @exodus/bytes instead for a more spec-conformant and faster implementation
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 1719 packages, and audited 1720 packages in 32s
231 packages are looking for funding
run `npm fund` for details
33 vulnerabilities (6 low, 4 moderate, 21 high, 2 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.4.0',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.4.0',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated osenv@0.1.5: This package is no longer supported.
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated whatwg-encoding@3.1.1: Use @exodus/bytes instead for a more spec-conformant and faster implementation
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 1719 packages, and audited 1720 packages in 37s
231 packages are looking for funding
run `npm fund` for details
33 vulnerabilities (6 low, 4 moderate, 21 high, 2 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
PASS tests/jest/mediawiki.special.block/stores/block.test.js
PASS tests/jest/mediawiki.special.block/BlockLog.test.js
PASS tests/jest/mediawiki.languageselector/MultiselectLookupLanguageSelector.test.js
PASS tests/jest/mediawiki.languageselector/useLanguageSelector.test.js
PASS tests/jest/mediawiki.special.block/UserLookup.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/restSearchClient.test.js
PASS tests/jest/mediawiki.languageselector/LookupLanguageSelector.test.js
PASS tests/jest/mediawiki.languageselector/factory.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/fetch.test.js
PASS tests/jest/mediawiki.special.block/ExpiryField.test.js
PASS tests/jest/mediawiki.special.block/util.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/App.test.js
PASS tests/jest/mediawiki.special.block/NamespacesField.test.js
PASS tests/jest/mediawiki.page.ready/updateThumbnailsToPreferredSize.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/instrumentation.test.js
PASS tests/jest/mediawiki.languageselector/languageSearch.test.js
PASS tests/jest/mediawiki.special.block/ReasonField.test.js
PASS tests/jest/mediawiki.special.block/BlockDetailsField.test.js
PASS tests/jest/mediawiki.special.block/init.test.js
PASS tests/jest/mediawiki.special.block/AdditionalDetailsField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/urlGenerator.test.js
PASS tests/jest/mediawiki.special.block/SpecialBlock.test.js (15.503 s)
Test Suites: 22 passed, 22 total
Tests: 143 passed, 143 total
Snapshots: 3 passed, 3 total
Time: 23.556 s
Ran all test suites.
--- stdout ---
> test
> grunt lint && npm run doc && npm run jest
Running "eslint:all" (eslint) task
/src/repo/resources/src/jquery.lengthLimit.js
41:1 warning Syntax error in namepath: '$.fn.trimByteLength' jsdoc/valid-types
/src/repo/resources/src/jquery/jquery.makeCollapsible.js
441:1 warning Syntax error in namepath: ~'wikipage.collapsibleContent' jsdoc/valid-types
/src/repo/resources/src/mediawiki.action.edit/edit.js
12:1 warning Syntax error in namepath: ~'wikipage.editform' jsdoc/valid-types
/src/repo/resources/src/mediawiki.action/mediawiki.action.view.postEdit.js
21:1 warning Syntax error in namepath: ~'postEdit' jsdoc/valid-types
36:1 warning Syntax error in namepath: ~'postEdit.afterRemoval' jsdoc/valid-types
/src/repo/resources/src/mediawiki.api/index.js
213:1 warning The type 'JSON.parse' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.authenticationPopup/AuthPopup.js
181:1 warning The type 'AuthPopup.CheckLoggedIn' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.base/errorLogger.js
8:1 warning Syntax error in namepath: ~'global.error' jsdoc/valid-types
22:1 warning Syntax error in namepath: ~'error.caught' jsdoc/valid-types
/src/repo/resources/src/mediawiki.base/log.js
14:1 warning Found more than one @return declaration jsdoc/require-returns
14:1 warning Found more than one @return declaration jsdoc/require-returns-check
/src/repo/resources/src/mediawiki.base/mediawiki.base.js
248:1 warning The type 'mediawiki.inspect.runReports' is undefined jsdoc/no-undefined-types
274:1 warning The type 'mediawiki.inspect.js.html' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.diff/inlineFormatToggle.js
150:1 warning Syntax error in namepath: ~'wikipage.diff.wikitextDiffBody' jsdoc/valid-types
162:1 warning Syntax error in namepath: ~'wikipage.diff.diffTypeSwitch' jsdoc/valid-types
/src/repo/resources/src/mediawiki.editRecovery/edit.js
184:1 warning Syntax error in namepath: ~'editRecovery.loadEnd' jsdoc/valid-types
/src/repo/resources/src/mediawiki.htmlform/cond-state.js
48:1 warning Found more than one @return declaration jsdoc/require-returns-check
/src/repo/resources/src/mediawiki.htmlform/htmlform.js
5:1 warning Syntax error in namepath: ~'htmlform.enhance' jsdoc/valid-types
/src/repo/resources/src/mediawiki.inspect.js
112:2 warning Found more than one @return declaration jsdoc/require-returns
112:2 warning Found more than one @return declaration jsdoc/require-returns-check
309:18 warning Avoid direct access to localStorage. Use mw.storage instead mediawiki/no-storage
/src/repo/resources/src/mediawiki.jqueryMsg/mediawiki.jqueryMsg.js
148:1 warning Found more than one @return declaration jsdoc/require-returns
148:1 warning Found more than one @return declaration jsdoc/require-returns-check
/src/repo/resources/src/mediawiki.languageselector/LookupLanguageSelector.vue
7:3 warning Attribute ":id" should go before ":menu-config" vue/attributes-order
/src/repo/resources/src/mediawiki.languageselector/MultiselectLookupLanguageSelector.vue
8:3 warning Attribute ":id" should go before ":menu-config" vue/attributes-order
/src/repo/resources/src/mediawiki.notification.convertmessagebox.js
13:1 warning Syntax error in namepath: (require("mediawiki.notification.convertmessagebox")) jsdoc/valid-types
/src/repo/resources/src/mediawiki.page.gallery.slideshow.js
138:22 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
143:22 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
/src/repo/resources/src/mediawiki.page.preview.js
404:1 warning Syntax error in namepath: ~'wikipage.tableOfContents' jsdoc/valid-types
685:1 warning The type 'Hooks.wikipage.categories' is undefined jsdoc/no-undefined-types
686:1 warning The type 'Hooks.wikipage.content' is undefined jsdoc/no-undefined-types
687:1 warning The type 'Hooks.wikipage.diff' is undefined jsdoc/no-undefined-types
688:1 warning The type 'Hooks.wikipage.indicators' is undefined jsdoc/no-undefined-types
689:1 warning The type 'Hooks.wikipage.tableOfContents' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.page.ready/ready.js
99:1 warning Syntax error in namepath: ~'wikipage.indicators' jsdoc/valid-types
119:1 warning Syntax error in namepath: ~'wikipage.content' jsdoc/valid-types
140:1 warning Syntax error in namepath: ~'wikipage.categories' jsdoc/valid-types
153:1 warning The type 'Hooks.wikipage.content' is undefined jsdoc/no-undefined-types
156:1 warning Syntax error in namepath: ~'wikipage.diff' jsdoc/valid-types
187:1 warning Syntax error in namepath: ~'skin.logout' jsdoc/valid-types
333:7 warning Avoid direct access to sessionStorage. Use mw.storage.session instead mediawiki/no-storage
/src/repo/resources/src/mediawiki.page.watch.ajax/watch-ajax.js
130:1 warning Syntax error in namepath: ~'wikipage.watchlistChange' jsdoc/valid-types
154:1 warning The type 'Hooks.wikipage.watchlistChange' is undefined jsdoc/no-undefined-types
180:1 warning The type 'Hooks.wikipage.watchlistChange' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.rcfilters/Controller.js
330:1 warning Found more than one @return declaration jsdoc/require-returns
330:1 warning Found more than one @return declaration jsdoc/require-returns-check
550:1 warning Syntax error in namepath: ~'RcFilters.highlight.enable' jsdoc/valid-types
/src/repo/resources/src/mediawiki.rcfilters/dm/FilterItem.js
81:1 warning Found more than one @return declaration jsdoc/require-returns
81:1 warning Found more than one @return declaration jsdoc/require-returns-check
335:1 warning The type 'update' is undefined jsdoc/no-undefined-types
351:1 warning The type 'update' is undefined jsdoc/no-undefined-types
366:1 warning The type 'update' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.rcfilters/dm/FiltersViewModel.js
1200:1 warning The type 'searchChange' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.rcfilters/mw.rcfilters.js
204:1 warning Syntax error in namepath: ~'structuredChangeFilters.ui.initialized' jsdoc/valid-types
/src/repo/resources/src/mediawiki.rcfilters/ui/FilterTagMultiselectWidget.js
107:21 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
112:24 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
428:1 warning Syntax error in namepath: ~'RcFilters.popup.open' jsdoc/valid-types
/src/repo/resources/src/mediawiki.rcfilters/ui/FilterWrapperWidget.js
69:28 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
/src/repo/resources/src/mediawiki.rcfilters/ui/HighlightColorPickerWidget.js
36:17 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
/src/repo/resources/src/mediawiki.rcfilters/ui/SavedLinksListItemWidget.js
27:20 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
59:20 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
/src/repo/resources/src/mediawiki.router/router.js
211:3 warning Unused eslint-disable directive (no problems were reported from 'prefer-const')
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/App.vue
76:3 warning Prop 'router' requires default value to be set vue/require-default-prop
225:1 warning The type 'AbortableSearchFetch' is undefined jsdoc/no-undefined-types
310:1 warning The type 'SearchSubmitEvent' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/fetch.js
21:1 warning The type 'RequestInit' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/instrumentation.js
2:1 warning The type 'FetchEndEvent' is undefined jsdoc/no-undefined-types
16:1 warning The type 'SuggestionClickEvent' is undefined jsdoc/no-undefined-types
16:1 warning The type 'SearchSubmitEvent' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/restSearchClient.js
4:1 warning Syntax error in type: import('./urlGenerator.js').UrlGenerator jsdoc/valid-types
17:1 warning The type 'RestResult' is undefined jsdoc/no-undefined-types
24:1 warning The type 'SearchResult' is undefined jsdoc/no-undefined-types
108:1 warning The type 'fetchRecommendationByTitle' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/urlGenerator.js
2:1 warning The type 'Record' is undefined jsdoc/no-undefined-types
9:1 warning The type 'RestResult' is undefined jsdoc/no-undefined-types
9:1 warning The type 'SearchResult' is undefined jsdoc/no-undefined-types
30:1 warning The type 'RestResult' is undefined jsdoc/no-undefined-types
30:1 warning The type 'SearchResult' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.special.apisandbox/ApiSandbox.js
501:9 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
/src/repo/resources/src/mediawiki.special.apisandbox/ApiSandboxLayout.js
44:1 warning Found more than one @return declaration jsdoc/require-returns
44:1 warning Found more than one @return declaration jsdoc/require-returns-check
403:19 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
584:7 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
/src/repo/resources/src/mediawiki.special.block/init.js
26:1 warning Syntax error in namepath: ~'SpecialBlock.block' jsdoc/valid-types
36:1 warning Syntax error in namepath: ~'SpecialBlock.form' jsdoc/valid-types
/src/repo/resources/src/mediawiki.util/util.js
590:1 warning The type 'Hooks.util.addPortlet' is undefined jsdoc/no-undefined-types
629:1 warning Syntax error in namepath: ~'util.addPortlet' jsdoc/valid-types
703:1 warning The type 'Hooks.util.addPortletLink' is undefined jsdoc/no-undefined-types
798:1 warning Syntax error in namepath: ~'util.addPortletLink' jsdoc/valid-types
/src/repo/resources/src/mediawiki.widgets.datetime/CalendarWidget.js
114:5 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
120:5 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
/src/repo/resources/src/mediawiki.widgets.datetime/DateTimeInputWidget.js
449:23 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
/src/repo/resources/src/mediawiki.widgets/mw.widgets.CalendarWidget.js
355:22 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
363:19 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
369:21 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
375:21 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
/src/repo/resources/src/startup/mediawiki.loader.js
61:1 warning Syntax error in namepath: ~'resourceloader.exception' jsdoc/valid-types
✖ 97 problems (0 errors, 97 warnings)
0 errors and 3 warnings potentially fixable with the `--fix` option.
Running "banana:core" (banana) task
>> 1 message directory checked.
Running "banana:botpasswords" (banana) task
>> 1 message directory checked.
Running "banana:codex" (banana) task
>> 1 message directory checked.
Running "banana:datetime" (banana) task
>> 1 message directory checked.
Running "banana:exif" (banana) task
>> 1 message directory checked.
Running "banana:nontranslatable" (banana) task
>> 1 message directory checked.
Running "banana:interwiki" (banana) task
>> 1 message directory checked.
Running "banana:preferences" (banana) task
>> 1 message directory checked.
Running "banana:userrights" (banana) task
>> 1 message directory checked.
Running "banana:languageconverter" (banana) task
>> 1 message directory checked.
Running "banana:api" (banana) task
>> 1 message directory checked.
Running "banana:rest" (banana) task
>> 1 message directory checked.
Running "banana:installer" (banana) task
>> 1 message directory checked.
Running "banana:paramvalidator" (banana) task
>> 1 message directory checked.
Running "stylelint:resources" (stylelint) task
>> resources/src/mediawiki.special.apisandbox/apisandbox.less
>> 118:3 ⚠ Unexpected browser feature "css-resize" is not supported by Safari on iOS 10.0-10.2,10.3,11.0-11.2,11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4,14.5-14.8,15.0-15.1,15.2-15.3,15.4,15.5,15.6-15.8,16.0,16.1,16.2,16.3,16.4,16.5,16.6-16.7,17.0,17.1,17.2,17.3,17.4,17.5,17.6-17.7,18.0,18.1,18.2,18.3,18.4,18.5-18.6,26.0 plugin/no-unsupported-browser-features
>>
>> resources/src/mediawiki.special.watchlistlabels/labelmanager.less
>> 8:1 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Edge 79,80,81,83, Firefox 49,50,51,52,53,54,55,56,57,58,59,60,61,62, Chrome 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,83, Safari 10,11,12,13,14,10.1,11.1,12.1,13.1, Safari on iOS 10.0-10.2,10.3,11.0-11.2,11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
>>
>> resources/src/mediawiki.special.watchlistlabels/LabelOnboarding.vue
>> 160:1 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Edge 79,80,81,83, Firefox 49,50,51,52,53,54,55,56,57,58,59,60,61,62, Chrome 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,83, Safari 10,11,12,13,14,10.1,11.1,12.1,13.1, Safari on iOS 10.0-10.2,10.3,11.0-11.2,11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
>>
>> resources/src/mediawiki.special/userrights.less
>> 28:4 ⚠ Unexpected browser feature "css-has" is not supported by Edge 79,80,81,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104, Firefox 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120, Chrome 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104, Safari 10,11,12,13,14,15,10.1,11.1,12.1,13.1,14.1,15.1,15.2-15.3, Safari on iOS 10.0-10.2,10.3,11.0-11.2,11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4,14.5-14.8,15.0-15.1,15.2-15.3 plugin/no-unsupported-browser-features
>>
>> ⚠ 4 problems (0 errors, 4 warnings)
⚠ 4 warnings
>> Linted 222 files without errors
Running "stylelint:config" (stylelint) task
>> Linted 1 files without errors
Done.
> doc
> jsdoc -c jsdoc.json
> jest
> jest --config tests/jest/jest.config.js
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
All files | 92.82 | 88.8 | 77.22 | 92.82 |
mediawiki.skinning.typeaheadSearch | 86.02 | 80.35 | 56.25 | 86.02 |
App.vue | 76.21 | 69.23 | 16.66 | 76.21 | 176,211-213,218-221,229-253,257-264,273-283,293-306,313-314,318-322,326,330-333,338-341,345-349,354,359-360,366-368
TypeaheadSearchWrapper.vue | 94.24 | 66.66 | 100 | 94.24 | 54-61
fetch.js | 91.37 | 75 | 75 | 91.37 | 38-42
instrumentation.js | 82.82 | 100 | 60 | 82.82 | 4-13,18-24
restSearchClient.js | 97.53 | 77.77 | 85.71 | 97.53 | 121-123,142
urlGenerator.js | 100 | 100 | 100 | 100 |
mediawiki.special.block | 92.43 | 91.54 | 82.35 | 92.43 |
SpecialBlock.vue | 91.54 | 91.11 | 72.72 | 91.54 | 271-280,323-328,334-348,455-472,487-488,499-501
init.js | 100 | 100 | 100 | 100 |
util.js | 94.64 | 90.9 | 100 | 94.64 | 82-84,86-88
mediawiki.special.block/components | 95.09 | 91.23 | 88.09 | 95.09 |
AdditionalDetailsField.vue | 100 | 80 | 100 | 100 | 67
BlockDetailsField.vue | 100 | 100 | 100 | 100 |
BlockLog.vue | 98.94 | 100 | 83.33 | 98.94 | 337-340,401
BlockTypeField.vue | 95.04 | 50 | 100 | 95.04 | 73-77
ConfirmationDialog.vue | 96.34 | 100 | 50 | 96.34 | 70-72
ExpiryField.vue | 94.92 | 87.17 | 100 | 94.92 | 153-154,156-157,185-194,200,255-256
NamespacesField.vue | 90.42 | 88.88 | 66.66 | 90.42 | 60-68
PagesField.vue | 70.06 | 50 | 50 | 70.06 | 46-47,56-57,72-79,88-90,97-118,127-133
ReasonField.vue | 96.89 | 91.3 | 100 | 96.89 | 64,114-117
UserLookup.vue | 97.75 | 95.23 | 100 | 97.75 | 146-148,197-199,232-233
ValidatingTextInput.js | 100 | 100 | 100 | 100 |
mediawiki.special.block/stores | 95.85 | 86.66 | 90 | 95.85 |
block.js | 95.85 | 86.66 | 90 | 95.85 | 341-342,455-456,458-459,479-480,483-484,487-488,506-521
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@tootallnate/once": {
"name": "@tootallnate/once",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113977,
"name": "@tootallnate/once",
"dependency": "@tootallnate/once",
"title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
"severity": "low",
"cwe": [
"CWE-705"
],
"cvss": {
"score": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<3.0.1"
}
],
"effects": [
"http-proxy-agent"
],
"range": "<3.0.1",
"nodes": [
"node_modules/@tootallnate/once"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "high",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": ">=6.1.19",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"ajv": {
"name": "ajv",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113714,
"name": "ajv",
"dependency": "ajv",
"title": "ajv has ReDoS when using `$data` option",
"url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<6.14.0"
},
{
"source": 1113715,
"name": "ajv",
"dependency": "ajv",
"title": "ajv has ReDoS when using `$data` option",
"url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=7.0.0-alpha.0 <8.18.0"
}
],
"effects": [],
"range": "<6.14.0 || >=7.0.0-alpha.0 <8.18.0",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/ajv",
"node_modules/ajv",
"node_modules/eslint/node_modules/ajv"
],
"fixAvailable": true
},
"axios": {
"name": "axios",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1097679,
"name": "axios",
"dependency": "axios",
"title": "Axios Cross-Site Request Forgery Vulnerability",
"url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
"severity": "moderate",
"cwe": [
"CWE-352"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
},
"range": ">=0.8.1 <0.28.0"
},
{
"source": 1111034,
"name": "axios",
"dependency": "axios",
"title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
"url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<0.30.0"
},
{
"source": 1113274,
"name": "axios",
"dependency": "axios",
"title": "Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig",
"url": "https://github.com/advisories/GHSA-43fc-jf86-j433",
"severity": "high",
"cwe": [
"CWE-754"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<=0.30.2"
}
],
"effects": [
"openapi-validator"
],
"range": "<=0.30.2",
"nodes": [
"node_modules/axios"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"basic-ftp": {
"name": "basic-ftp",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1113518,
"name": "basic-ftp",
"dependency": "basic-ftp",
"title": "Basic FTP has Path Traversal Vulnerability in its downloadToDir() method",
"url": "https://github.com/advisories/GHSA-5rq4-664w-9x2c",
"severity": "critical",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": "<5.2.0"
}
],
"effects": [],
"range": "<5.2.0",
"nodes": [
"node_modules/basic-ftp"
],
"fixAvailable": true
},
"brace-expansion": {
"name": "brace-expansion",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115540,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<1.1.13"
},
{
"source": 1115541,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": ">=2.0.0 <2.0.3"
}
],
"effects": [],
"range": "<1.1.13 || >=2.0.0 <2.0.3",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/brace-expansion",
"node_modules/@humanwhocodes/config-array/node_modules/brace-expansion",
"node_modules/@jest/reporters/node_modules/brace-expansion",
"node_modules/brace-expansion",
"node_modules/eslint/node_modules/brace-expansion",
"node_modules/globule/node_modules/brace-expansion",
"node_modules/grunt/node_modules/brace-expansion",
"node_modules/jest-config/node_modules/brace-expansion",
"node_modules/jest-runtime/node_modules/brace-expansion",
"node_modules/karma/node_modules/brace-expansion",
"node_modules/multimatch/node_modules/brace-expansion",
"node_modules/recursive-readdir/node_modules/brace-expansion",
"node_modules/rimraf/node_modules/brace-expansion",
"node_modules/test-exclude/node_modules/brace-expansion"
],
"fixAvailable": true
},
"chai-openapi-response-validator": {
"name": "chai-openapi-response-validator",
"severity": "high",
"isDirect": true,
"via": [
"openapi-validator"
],
"effects": [],
"range": "0.11.2 || >=0.14.2-alpha.0",
"nodes": [
"node_modules/chai-openapi-response-validator"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"diff": {
"name": "diff",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1112705,
"name": "diff",
"dependency": "diff",
"title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
"url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx",
"severity": "low",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.2.2"
}
],
"effects": [],
"range": "5.0.0 - 5.2.1",
"nodes": [
"node_modules/mocha/node_modules/diff"
],
"fixAvailable": true
},
"editorconfig": {
"name": "editorconfig",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [],
"range": "1.0.3 - 1.0.4 || 2.0.0",
"nodes": [
"node_modules/editorconfig"
],
"fixAvailable": true
},
"fast-xml-parser": {
"name": "fast-xml-parser",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1113153,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has RangeError DoS Numeric Entities Bug",
"url": "https://github.com/advisories/GHSA-37qj-frw5-hhjh",
"severity": "high",
"cwe": [
"CWE-20",
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.9 <=5.3.3"
},
{
"source": 1113568,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names",
"url": "https://github.com/advisories/GHSA-m7jm-9gc2-mpf2",
"severity": "critical",
"cwe": [
"CWE-185"
],
"cvss": {
"score": 9.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N"
},
"range": ">=5.0.0 <5.3.5"
},
{
"source": 1113569,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)",
"url": "https://github.com/advisories/GHSA-jmr7-xgp7-cmfj",
"severity": "high",
"cwe": [
"CWE-776"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.3.6"
},
{
"source": 1114153,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder",
"url": "https://github.com/advisories/GHSA-fj3w-jwp8-x2g3",
"severity": "low",
"cwe": [
"CWE-120"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.3.8"
},
{
"source": 1115339,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits (incomplete fix for CVE-2026-26278)",
"url": "https://github.com/advisories/GHSA-8gc5-j5rx-235r",
"severity": "high",
"cwe": [
"CWE-776"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.5.6"
},
{
"source": 1115359,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser",
"url": "https://github.com/advisories/GHSA-jp2q-39xq-3w4g",
"severity": "moderate",
"cwe": [
"CWE-1284"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0-beta.3 <=5.5.6"
}
],
"effects": [],
"range": "4.0.0-beta.3 - 5.5.6",
"nodes": [
"node_modules/fast-xml-parser"
],
"fixAvailable": true
},
"flatted": {
"name": "flatted",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114526,
"name": "flatted",
"dependency": "flatted",
"title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f",
"severity": "high",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.4.0"
},
{
"source": 1115357,
"name": "flatted",
"dependency": "flatted",
"title": "Prototype Pollution via parse() in NodeJS flatted",
"url": "https://github.com/advisories/GHSA-rf6f-7fwh-wjgh",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=3.4.1"
}
],
"effects": [],
"range": "<=3.4.1",
"nodes": [
"node_modules/flatted"
],
"fixAvailable": true
},
"gaze": {
"name": "gaze",
"severity": "high",
"isDirect": false,
"via": [
"globule"
],
"effects": [
"grunt-contrib-watch"
],
"range": ">=0.4.0",
"nodes": [
"node_modules/gaze"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"globule": {
"name": "globule",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"gaze"
],
"range": "*",
"nodes": [
"node_modules/globule"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [
"grunt-eslint",
"grunt-karma"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"grunt-contrib-watch": {
"name": "grunt-contrib-watch",
"severity": "high",
"isDirect": true,
"via": [
"gaze"
],
"effects": [],
"range": ">=0.5.0",
"nodes": [
"node_modules/grunt-contrib-watch"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"grunt-karma": {
"name": "grunt-karma",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/grunt-karma"
],
"fixAvailable": false
},
"http-proxy-agent": {
"name": "http-proxy-agent",
"severity": "low",
"isDirect": false,
"via": [
"@tootallnate/once"
],
"effects": [
"jsdom"
],
"range": "4.0.1 - 5.0.0",
"nodes": [
"node_modules/jsdom/node_modules/http-proxy-agent"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"jest-environment-jsdom": {
"name": "jest-environment-jsdom",
"severity": "low",
"isDirect": true,
"via": [
"jsdom"
],
"effects": [],
"range": "27.0.1 - 30.0.0-rc.1",
"nodes": [
"node_modules/jest-environment-jsdom"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"jsdom": {
"name": "jsdom",
"severity": "low",
"isDirect": false,
"via": [
"http-proxy-agent"
],
"effects": [
"jest-environment-jsdom"
],
"range": "16.6.0 - 22.1.0",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"lodash": {
"name": "lodash",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1112455,
"name": "lodash",
"dependency": "lodash",
"title": "Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"url": "https://github.com/advisories/GHSA-xxjr-mmjv-4gpg",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": ">=4.0.0 <=4.17.22"
},
{
"source": 1115806,
"name": "lodash",
"dependency": "lodash",
"title": "lodash vulnerable to Code Injection via `_.template` imports key names",
"url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc",
"severity": "high",
"cwe": [
"CWE-94"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=4.0.0 <=4.17.23"
},
{
"source": 1115810,
"name": "lodash",
"dependency": "lodash",
"title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`",
"url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<=4.17.23"
}
],
"effects": [],
"range": "<=4.17.23",
"nodes": [
"node_modules/lodash"
],
"fixAvailable": true
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113190,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "markdown-it is has a Regular Expression Denial of Service (ReDoS)",
"url": "https://github.com/advisories/GHSA-38c4-r59v-3vqw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=13.0.0 <14.1.1"
}
],
"effects": [],
"range": "13.0.0 - 14.1.0",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": true
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113461,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.1.7"
},
{
"source": 1113465,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=9.0.0 <9.0.6"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113540,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113544,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
{
"source": 1113548,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113552,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
}
],
"effects": [
"editorconfig",
"globule",
"grunt"
],
"range": "<=3.1.3 || 5.0.0 - 5.1.7 || 9.0.0 - 9.0.6",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/minimatch",
"node_modules/@humanwhocodes/config-array/node_modules/minimatch",
"node_modules/@jest/reporters/node_modules/minimatch",
"node_modules/editorconfig/node_modules/minimatch",
"node_modules/eslint/node_modules/minimatch",
"node_modules/filelist/node_modules/minimatch",
"node_modules/globule/node_modules/minimatch",
"node_modules/grunt/node_modules/minimatch",
"node_modules/jest-config/node_modules/minimatch",
"node_modules/jest-runtime/node_modules/minimatch",
"node_modules/karma/node_modules/minimatch",
"node_modules/minimatch",
"node_modules/mocha/node_modules/minimatch",
"node_modules/multimatch/node_modules/minimatch",
"node_modules/readdir-glob/node_modules/minimatch",
"node_modules/recursive-readdir/node_modules/minimatch",
"node_modules/rimraf/node_modules/minimatch",
"node_modules/test-exclude/node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": false,
"via": [
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "8.0.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"openapi-validator": {
"name": "openapi-validator",
"severity": "high",
"isDirect": false,
"via": [
"axios"
],
"effects": [
"chai-openapi-response-validator"
],
"range": ">=0.14.2-alpha.0",
"nodes": [
"node_modules/openapi-validator"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"picomatch": {
"name": "picomatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115549,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<2.3.2"
},
{
"source": 1115551,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.0.4"
},
{
"source": 1115552,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.3.2"
},
{
"source": 1115554,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <4.0.4"
}
],
"effects": [],
"range": "<=2.3.1 || 4.0.0 - 4.0.3",
"nodes": [
"node_modules/anymatch/node_modules/picomatch",
"node_modules/jest-util/node_modules/picomatch",
"node_modules/karma/node_modules/picomatch",
"node_modules/micromatch/node_modules/picomatch",
"node_modules/mocha/node_modules/picomatch",
"node_modules/picomatch"
],
"fixAvailable": true
},
"qs": {
"name": "qs",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113161,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in comma parsing allows denial of service",
"url": "https://github.com/advisories/GHSA-w7fw-mjwx-w883",
"severity": "low",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=6.7.0 <=6.14.1"
}
],
"effects": [],
"range": "6.7.0 - 6.14.1",
"nodes": [
"node_modules/qs"
],
"fixAvailable": true
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
},
{
"source": 1115723,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
"url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-834"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<7.0.5"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.4",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"socket.io-parser": {
"name": "socket.io-parser",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115154,
"name": "socket.io-parser",
"dependency": "socket.io-parser",
"title": "socket.io allows an unbounded number of binary attachments",
"url": "https://github.com/advisories/GHSA-677m-j7p3-52f9",
"severity": "high",
"cwe": [
"CWE-754"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=4.0.0 <4.2.6"
}
],
"effects": [],
"range": "4.0.0 - 4.2.5",
"nodes": [
"node_modules/socket.io-parser"
],
"fixAvailable": true
},
"svgo": {
"name": "svgo",
"severity": "high",
"isDirect": true,
"via": [
{
"source": 1114151,
"name": "svgo",
"dependency": "svgo",
"title": "SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)",
"url": "https://github.com/advisories/GHSA-xpqw-6gx7-v673",
"severity": "high",
"cwe": [
"CWE-776"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=3.0.0 <3.3.3"
}
],
"effects": [],
"range": "3.0.0 - 3.3.2",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": {
"name": "svgo",
"version": "3.3.3",
"isSemVerMajor": false
}
},
"underscore": {
"name": "underscore",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113950,
"name": "underscore",
"dependency": "underscore",
"title": "Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack",
"url": "https://github.com/advisories/GHSA-qpx9-hpmf-5gmw",
"severity": "high",
"cwe": [
"CWE-674",
"CWE-770"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=1.13.7"
}
],
"effects": [],
"range": "<=1.13.7",
"nodes": [
"node_modules/underscore"
],
"fixAvailable": true
},
"undici": {
"name": "undici",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114591,
"name": "undici",
"dependency": "undici",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj",
"severity": "high",
"cwe": [
"CWE-248",
"CWE-1284"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114592,
"name": "undici",
"dependency": "undici",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj",
"severity": "high",
"cwe": [
"CWE-248",
"CWE-1284"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.0.0 <6.24.0"
},
{
"source": 1114593,
"name": "undici",
"dependency": "undici",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm",
"severity": "moderate",
"cwe": [
"CWE-444"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114594,
"name": "undici",
"dependency": "undici",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm",
"severity": "moderate",
"cwe": [
"CWE-444"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<6.24.0"
},
{
"source": 1114637,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q",
"severity": "high",
"cwe": [
"CWE-409"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114638,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q",
"severity": "high",
"cwe": [
"CWE-409"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.24.0"
},
{
"source": 1114639,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8",
"severity": "high",
"cwe": [
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114640,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8",
"severity": "high",
"cwe": [
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.24.0"
},
{
"source": 1114641,
"name": "undici",
"dependency": "undici",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq",
"severity": "moderate",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 4.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114642,
"name": "undici",
"dependency": "undici",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq",
"severity": "moderate",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 4.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
"range": "<6.24.0"
},
{
"source": 1114643,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
"url": "https://github.com/advisories/GHSA-phc3-fgpg-7m6h",
"severity": "moderate",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.17.0 <7.24.0"
}
],
"effects": [],
"range": "<=6.23.0 || 7.0.0 - 7.23.0",
"nodes": [
"node_modules/cheerio/node_modules/undici",
"node_modules/undici"
],
"fixAvailable": true
},
"yaml": {
"name": "yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115556,
"name": "yaml",
"dependency": "yaml",
"title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp",
"severity": "moderate",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0 <2.8.3"
}
],
"effects": [],
"range": "2.0.0 - 2.8.2",
"nodes": [
"node_modules/yaml"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 6,
"moderate": 4,
"high": 21,
"critical": 2,
"total": 33
},
"dependencies": {
"prod": 1,
"dev": 1745,
"optional": 38,
"peer": 2,
"peerOptional": 0,
"total": 1745
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.4.0',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.4.0',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
"added": 28,
"removed": 2,
"changed": 52,
"audited": 1746,
"funding": 232,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@tootallnate/once": {
"name": "@tootallnate/once",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113977,
"name": "@tootallnate/once",
"dependency": "@tootallnate/once",
"title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
"severity": "low",
"cwe": [
"CWE-705"
],
"cvss": {
"score": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<3.0.1"
}
],
"effects": [
"http-proxy-agent"
],
"range": "<3.0.1",
"nodes": [
"node_modules/@tootallnate/once"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "high",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": ">=6.1.19",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"ajv": {
"name": "ajv",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113714,
"name": "ajv",
"dependency": "ajv",
"title": "ajv has ReDoS when using `$data` option",
"url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<6.14.0"
},
{
"source": 1113715,
"name": "ajv",
"dependency": "ajv",
"title": "ajv has ReDoS when using `$data` option",
"url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=7.0.0-alpha.0 <8.18.0"
}
],
"effects": [],
"range": "<6.14.0 || >=7.0.0-alpha.0 <8.18.0",
"nodes": [
"",
"",
""
],
"fixAvailable": true
},
"axios": {
"name": "axios",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1097679,
"name": "axios",
"dependency": "axios",
"title": "Axios Cross-Site Request Forgery Vulnerability",
"url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
"severity": "moderate",
"cwe": [
"CWE-352"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
},
"range": ">=0.8.1 <0.28.0"
},
{
"source": 1111034,
"name": "axios",
"dependency": "axios",
"title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
"url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<0.30.0"
},
{
"source": 1113274,
"name": "axios",
"dependency": "axios",
"title": "Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig",
"url": "https://github.com/advisories/GHSA-43fc-jf86-j433",
"severity": "high",
"cwe": [
"CWE-754"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<=0.30.2"
}
],
"effects": [
"openapi-validator"
],
"range": "<=0.30.2",
"nodes": [
"node_modules/axios"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"basic-ftp": {
"name": "basic-ftp",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1113518,
"name": "basic-ftp",
"dependency": "basic-ftp",
"title": "Basic FTP has Path Traversal Vulnerability in its downloadToDir() method",
"url": "https://github.com/advisories/GHSA-5rq4-664w-9x2c",
"severity": "critical",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": "<5.2.0"
}
],
"effects": [],
"range": "<5.2.0",
"nodes": [
""
],
"fixAvailable": true
},
"brace-expansion": {
"name": "brace-expansion",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115540,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<1.1.13"
},
{
"source": 1115541,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
"severity": "moderate",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": ">=2.0.0 <2.0.3"
}
],
"effects": [],
"range": "<1.1.13 || >=2.0.0 <2.0.3",
"nodes": [
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
""
],
"fixAvailable": true
},
"chai-openapi-response-validator": {
"name": "chai-openapi-response-validator",
"severity": "high",
"isDirect": true,
"via": [
"openapi-validator"
],
"effects": [],
"range": "0.11.2 || >=0.14.2-alpha.0",
"nodes": [
"node_modules/chai-openapi-response-validator"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"diff": {
"name": "diff",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1112705,
"name": "diff",
"dependency": "diff",
"title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
"url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx",
"severity": "low",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.2.2"
}
],
"effects": [],
"range": "5.0.0 - 5.2.1",
"nodes": [
""
],
"fixAvailable": true
},
"editorconfig": {
"name": "editorconfig",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [],
"range": "1.0.3 - 1.0.4 || 2.0.0",
"nodes": [
""
],
"fixAvailable": true
},
"fast-xml-parser": {
"name": "fast-xml-parser",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1113153,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has RangeError DoS Numeric Entities Bug",
"url": "https://github.com/advisories/GHSA-37qj-frw5-hhjh",
"severity": "high",
"cwe": [
"CWE-20",
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.9 <=5.3.3"
},
{
"source": 1113568,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names",
"url": "https://github.com/advisories/GHSA-m7jm-9gc2-mpf2",
"severity": "critical",
"cwe": [
"CWE-185"
],
"cvss": {
"score": 9.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N"
},
"range": ">=5.0.0 <5.3.5"
},
{
"source": 1113569,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)",
"url": "https://github.com/advisories/GHSA-jmr7-xgp7-cmfj",
"severity": "high",
"cwe": [
"CWE-776"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.3.6"
},
{
"source": 1114153,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder",
"url": "https://github.com/advisories/GHSA-fj3w-jwp8-x2g3",
"severity": "low",
"cwe": [
"CWE-120"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.3.8"
},
{
"source": 1115339,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits (incomplete fix for CVE-2026-26278)",
"url": "https://github.com/advisories/GHSA-8gc5-j5rx-235r",
"severity": "high",
"cwe": [
"CWE-776"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.5.6"
},
{
"source": 1115359,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser",
"url": "https://github.com/advisories/GHSA-jp2q-39xq-3w4g",
"severity": "moderate",
"cwe": [
"CWE-1284"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0-beta.3 <=5.5.6"
}
],
"effects": [],
"range": "4.0.0-beta.3 - 5.5.6",
"nodes": [
""
],
"fixAvailable": true
},
"flatted": {
"name": "flatted",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114526,
"name": "flatted",
"dependency": "flatted",
"title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f",
"severity": "high",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.4.0"
},
{
"source": 1115357,
"name": "flatted",
"dependency": "flatted",
"title": "Prototype Pollution via parse() in NodeJS flatted",
"url": "https://github.com/advisories/GHSA-rf6f-7fwh-wjgh",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=3.4.1"
}
],
"effects": [],
"range": "<=3.4.1",
"nodes": [
""
],
"fixAvailable": true
},
"gaze": {
"name": "gaze",
"severity": "high",
"isDirect": false,
"via": [
"globule"
],
"effects": [
"grunt-contrib-watch"
],
"range": ">=0.4.0",
"nodes": [
"node_modules/gaze"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"globule": {
"name": "globule",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"gaze"
],
"range": "*",
"nodes": [
"node_modules/globule"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [
"grunt-eslint",
"grunt-karma"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"grunt-contrib-watch": {
"name": "grunt-contrib-watch",
"severity": "high",
"isDirect": true,
"via": [
"gaze"
],
"effects": [],
"range": ">=0.5.0",
"nodes": [
"node_modules/grunt-contrib-watch"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"grunt-karma": {
"name": "grunt-karma",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/grunt-karma"
],
"fixAvailable": false
},
"http-proxy-agent": {
"name": "http-proxy-agent",
"severity": "low",
"isDirect": false,
"via": [
"@tootallnate/once"
],
"effects": [
"jsdom"
],
"range": "4.0.1 - 5.0.0",
"nodes": [
"node_modules/jsdom/node_modules/http-proxy-agent"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"jest-environment-jsdom": {
"name": "jest-environment-jsdom",
"severity": "low",
"isDirect": true,
"via": [
"jsdom"
],
"effects": [],
"range": "27.0.1 - 30.0.0-rc.1",
"nodes": [
"node_modules/jest-environment-jsdom"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"jsdom": {
"name": "jsdom",
"severity": "low",
"isDirect": false,
"via": [
"http-proxy-agent"
],
"effects": [
"jest-environment-jsdom"
],
"range": "16.6.0 - 22.1.0",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"lodash": {
"name": "lodash",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1112455,
"name": "lodash",
"dependency": "lodash",
"title": "Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"url": "https://github.com/advisories/GHSA-xxjr-mmjv-4gpg",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": ">=4.0.0 <=4.17.22"
},
{
"source": 1115806,
"name": "lodash",
"dependency": "lodash",
"title": "lodash vulnerable to Code Injection via `_.template` imports key names",
"url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc",
"severity": "high",
"cwe": [
"CWE-94"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=4.0.0 <=4.17.23"
},
{
"source": 1115810,
"name": "lodash",
"dependency": "lodash",
"title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`",
"url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<=4.17.23"
}
],
"effects": [],
"range": "<=4.17.23",
"nodes": [
"",
"node_modules/lodash"
],
"fixAvailable": true
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113190,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "markdown-it is has a Regular Expression Denial of Service (ReDoS)",
"url": "https://github.com/advisories/GHSA-38c4-r59v-3vqw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=13.0.0 <14.1.1"
}
],
"effects": [],
"range": "13.0.0 - 14.1.0",
"nodes": [
""
],
"fixAvailable": true
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113461,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.1.7"
},
{
"source": 1113465,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=9.0.0 <9.0.6"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113540,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113544,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
{
"source": 1113548,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113552,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
}
],
"effects": [
"editorconfig",
"globule",
"grunt"
],
"range": "<=3.1.3 || 5.0.0 - 5.1.7 || 9.0.0 - 9.0.6",
"nodes": [
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"node_modules/globule/node_modules/minimatch",
"node_modules/grunt/node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": false,
"via": [
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "8.0.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"openapi-validator": {
"name": "openapi-validator",
"severity": "high",
"isDirect": false,
"via": [
"axios"
],
"effects": [
"chai-openapi-response-validator"
],
"range": ">=0.14.2-alpha.0",
"nodes": [
"node_modules/openapi-validator"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"picomatch": {
"name": "picomatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115549,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<2.3.2"
},
{
"source": 1115551,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.0.4"
},
{
"source": 1115552,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<2.3.2"
},
{
"source": 1115554,
"name": "picomatch",
"dependency": "picomatch",
"title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
"url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <4.0.4"
}
],
"effects": [],
"range": "<=2.3.1 || 4.0.0 - 4.0.3",
"nodes": [
"",
"",
"",
"",
"",
""
],
"fixAvailable": true
},
"qs": {
"name": "qs",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113161,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in comma parsing allows denial of service",
"url": "https://github.com/advisories/GHSA-w7fw-mjwx-w883",
"severity": "low",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=6.7.0 <=6.14.1"
}
],
"effects": [],
"range": "6.7.0 - 6.14.1",
"nodes": [
""
],
"fixAvailable": true
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
},
{
"source": 1115723,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
"url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-834"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<7.0.5"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.4",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"socket.io-parser": {
"name": "socket.io-parser",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115154,
"name": "socket.io-parser",
"dependency": "socket.io-parser",
"title": "socket.io allows an unbounded number of binary attachments",
"url": "https://github.com/advisories/GHSA-677m-j7p3-52f9",
"severity": "high",
"cwe": [
"CWE-754"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=4.0.0 <4.2.6"
}
],
"effects": [],
"range": "4.0.0 - 4.2.5",
"nodes": [
""
],
"fixAvailable": true
},
"svgo": {
"name": "svgo",
"severity": "high",
"isDirect": true,
"via": [
{
"source": 1114151,
"name": "svgo",
"dependency": "svgo",
"title": "SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)",
"url": "https://github.com/advisories/GHSA-xpqw-6gx7-v673",
"severity": "high",
"cwe": [
"CWE-776"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=3.0.0 <3.3.3"
}
],
"effects": [],
"range": "3.0.0 - 3.3.2",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": {
"name": "svgo",
"version": "3.3.3",
"isSemVerMajor": false
}
},
"underscore": {
"name": "underscore",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113950,
"name": "underscore",
"dependency": "underscore",
"title": "Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack",
"url": "https://github.com/advisories/GHSA-qpx9-hpmf-5gmw",
"severity": "high",
"cwe": [
"CWE-674",
"CWE-770"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=1.13.7"
}
],
"effects": [],
"range": "<=1.13.7",
"nodes": [
""
],
"fixAvailable": true
},
"undici": {
"name": "undici",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114591,
"name": "undici",
"dependency": "undici",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj",
"severity": "high",
"cwe": [
"CWE-248",
"CWE-1284"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114592,
"name": "undici",
"dependency": "undici",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj",
"severity": "high",
"cwe": [
"CWE-248",
"CWE-1284"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.0.0 <6.24.0"
},
{
"source": 1114593,
"name": "undici",
"dependency": "undici",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm",
"severity": "moderate",
"cwe": [
"CWE-444"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114594,
"name": "undici",
"dependency": "undici",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm",
"severity": "moderate",
"cwe": [
"CWE-444"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<6.24.0"
},
{
"source": 1114637,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q",
"severity": "high",
"cwe": [
"CWE-409"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114638,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q",
"severity": "high",
"cwe": [
"CWE-409"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.24.0"
},
{
"source": 1114639,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8",
"severity": "high",
"cwe": [
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114640,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8",
"severity": "high",
"cwe": [
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.24.0"
},
{
"source": 1114641,
"name": "undici",
"dependency": "undici",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq",
"severity": "moderate",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 4.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114642,
"name": "undici",
"dependency": "undici",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq",
"severity": "moderate",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 4.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
"range": "<6.24.0"
},
{
"source": 1114643,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
"url": "https://github.com/advisories/GHSA-phc3-fgpg-7m6h",
"severity": "moderate",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.17.0 <7.24.0"
}
],
"effects": [],
"range": "<=6.23.0 || 7.0.0 - 7.23.0",
"nodes": [
"",
""
],
"fixAvailable": true
},
"yaml": {
"name": "yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1115556,
"name": "yaml",
"dependency": "yaml",
"title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp",
"severity": "moderate",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0 <2.8.3"
}
],
"effects": [],
"range": "2.0.0 - 2.8.2",
"nodes": [
""
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 6,
"moderate": 4,
"high": 21,
"critical": 2,
"total": 33
},
"dependencies": {
"prod": 1,
"dev": 1745,
"optional": 38,
"peer": 2,
"peerOptional": 0,
"total": 1745
}
}
}
}
--- end ---
{"added": 28, "removed": 2, "changed": 52, "audited": 1746, "funding": 232, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@tootallnate/once": {"name": "@tootallnate/once", "severity": "low", "isDirect": false, "via": [{"source": 1113977, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<3.0.1"}], "effects": ["http-proxy-agent"], "range": "<3.0.1", "nodes": ["node_modules/@tootallnate/once"], "fixAvailable": {"name": "jest-environment-jsdom", "version": "30.3.0", "isSemVerMajor": true}}, "@wdio/mocha-framework": {"name": "@wdio/mocha-framework", "severity": "high", "isDirect": true, "via": ["mocha"], "effects": [], "range": ">=6.1.19", "nodes": ["node_modules/@wdio/mocha-framework"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "ajv": {"name": "ajv", "severity": "moderate", "isDirect": false, "via": [{"source": 1113714, "name": "ajv", "dependency": "ajv", "title": "ajv has ReDoS when using `$data` option", "url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6", "severity": "moderate", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<6.14.0"}, {"source": 1113715, "name": "ajv", "dependency": "ajv", "title": "ajv has ReDoS when using `$data` option", "url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6", "severity": "moderate", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=7.0.0-alpha.0 <8.18.0"}], "effects": [], "range": "<6.14.0 || >=7.0.0-alpha.0 <8.18.0", "nodes": ["", "", ""], "fixAvailable": true}, "axios": {"name": "axios", "severity": "high", "isDirect": false, "via": [{"source": 1097679, "name": "axios", "dependency": "axios", "title": "Axios Cross-Site Request Forgery Vulnerability", "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx", "severity": "moderate", "cwe": ["CWE-352"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, "range": ">=0.8.1 <0.28.0"}, {"source": 1111034, "name": "axios", "dependency": "axios", "title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL", "url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.30.0"}, {"source": 1113274, "name": "axios", "dependency": "axios", "title": "Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig", "url": "https://github.com/advisories/GHSA-43fc-jf86-j433", "severity": "high", "cwe": ["CWE-754"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<=0.30.2"}], "effects": ["openapi-validator"], "range": "<=0.30.2", "nodes": ["node_modules/axios"], "fixAvailable": {"name": "chai-openapi-response-validator", "version": "0.14.1", "isSemVerMajor": true}}, "basic-ftp": {"name": "basic-ftp", "severity": "critical", "isDirect": false, "via": [{"source": 1113518, "name": "basic-ftp", "dependency": "basic-ftp", "title": "Basic FTP has Path Traversal Vulnerability in its downloadToDir()\u00a0method", "url": "https://github.com/advisories/GHSA-5rq4-664w-9x2c", "severity": "critical", "cwe": ["CWE-22"], "cvss": {"score": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}, "range": "<5.2.0"}], "effects": [], "range": "<5.2.0", "nodes": [""], "fixAvailable": true}, "brace-expansion": {"name": "brace-expansion", "severity": "moderate", "isDirect": false, "via": [{"source": 1115540, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": "<1.1.13"}, {"source": 1115541, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": ">=2.0.0 <2.0.3"}], "effects": [], "range": "<1.1.13 || >=2.0.0 <2.0.3", "nodes": ["", "", "", "", "", "", "", "", "", "", "", "", "", ""], "fixAvailable": true}, "chai-openapi-response-validator": {"name": "chai-openapi-response-validator", "severity": "high", "isDirect": true, "via": ["openapi-validator"], "effects": [], "range": "0.11.2 || >=0.14.2-alpha.0", "nodes": ["node_modules/chai-openapi-response-validator"], "fixAvailable": {"name": "chai-openapi-response-validator", "version": "0.14.1", "isSemVerMajor": true}}, "diff": {"name": "diff", "severity": "low", "isDirect": false, "via": [{"source": 1112705, "name": "diff", "dependency": "diff", "title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch", "url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx", "severity": "low", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=5.0.0 <5.2.2"}], "effects": [], "range": "5.0.0 - 5.2.1", "nodes": [""], "fixAvailable": true}, "editorconfig": {"name": "editorconfig", "severity": "high", "isDirect": false, "via": ["minimatch"], "effects": [], "range": "1.0.3 - 1.0.4 || 2.0.0", "nodes": [""], "fixAvailable": true}, "fast-xml-parser": {"name": "fast-xml-parser", "severity": "critical", "isDirect": false, "via": [{"source": 1113153, "name": "fast-xml-parser", "dependency": "fast-xml-parser", "title": "fast-xml-parser has RangeError DoS Numeric Entities Bug", "url": "https://github.com/advisories/GHSA-37qj-frw5-hhjh", "severity": "high", "cwe": ["CWE-20", "CWE-248"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.9 <=5.3.3"}, {"source": 1113568, "name": "fast-xml-parser", "dependency": "fast-xml-parser", "title": "fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names", "url": "https://github.com/advisories/GHSA-m7jm-9gc2-mpf2", "severity": "critical", "cwe": ["CWE-185"], "cvss": {"score": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N"}, "range": ">=5.0.0 <5.3.5"}, {"source": 1113569, "name": "fast-xml-parser", "dependency": "fast-xml-parser", "title": "fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)", "url": "https://github.com/advisories/GHSA-jmr7-xgp7-cmfj", "severity": "high", "cwe": ["CWE-776"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.0 <5.3.6"}, {"source": 1114153, "name": "fast-xml-parser", "dependency": "fast-xml-parser", "title": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder", "url": "https://github.com/advisories/GHSA-fj3w-jwp8-x2g3", "severity": "low", "cwe": ["CWE-120"], "cvss": {"score": 0, "vectorString": null}, "range": ">=5.0.0 <5.3.8"}, {"source": 1115339, "name": "fast-xml-parser", "dependency": "fast-xml-parser", "title": "fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits (incomplete fix for CVE-2026-26278)", "url": "https://github.com/advisories/GHSA-8gc5-j5rx-235r", "severity": "high", "cwe": ["CWE-776"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.0 <5.5.6"}, {"source": 1115359, "name": "fast-xml-parser", "dependency": "fast-xml-parser", "title": "Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser", "url": "https://github.com/advisories/GHSA-jp2q-39xq-3w4g", "severity": "moderate", "cwe": ["CWE-1284"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=4.0.0-beta.3 <=5.5.6"}], "effects": [], "range": "4.0.0-beta.3 - 5.5.6", "nodes": [""], "fixAvailable": true}, "flatted": {"name": "flatted", "severity": "high", "isDirect": false, "via": [{"source": 1114526, "name": "flatted", "dependency": "flatted", "title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase", "url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f", "severity": "high", "cwe": ["CWE-674"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.4.0"}, {"source": 1115357, "name": "flatted", "dependency": "flatted", "title": "Prototype Pollution via parse() in NodeJS flatted", "url": "https://github.com/advisories/GHSA-rf6f-7fwh-wjgh", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 0, "vectorString": null}, "range": "<=3.4.1"}], "effects": [], "range": "<=3.4.1", "nodes": [""], "fixAvailable": true}, "gaze": {"name": "gaze", "severity": "high", "isDirect": false, "via": ["globule"], "effects": ["grunt-contrib-watch"], "range": ">=0.4.0", "nodes": ["node_modules/gaze"], "fixAvailable": {"name": "grunt-contrib-watch", "version": "0.4.4", "isSemVerMajor": true}}, "globule": {"name": "globule", "severity": "high", "isDirect": false, "via": ["minimatch"], "effects": ["gaze"], "range": "*", "nodes": ["node_modules/globule"], "fixAvailable": {"name": "grunt-contrib-watch", "version": "0.4.4", "isSemVerMajor": true}}, "grunt": {"name": "grunt", "severity": "high", "isDirect": true, "via": ["minimatch"], "effects": ["grunt-eslint", "grunt-karma"], "range": ">=0.4.0-a", "nodes": ["node_modules/grunt"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "grunt-contrib-watch": {"name": "grunt-contrib-watch", "severity": "high", "isDirect": true, "via": ["gaze"], "effects": [], "range": ">=0.5.0", "nodes": ["node_modules/grunt-contrib-watch"], "fixAvailable": {"name": "grunt-contrib-watch", "version": "0.4.4", "isSemVerMajor": true}}, "grunt-eslint": {"name": "grunt-eslint", "severity": "high", "isDirect": true, "via": ["grunt"], "effects": [], "range": "<=1.0.0 || >=18.1.0", "nodes": ["node_modules/grunt-eslint"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "grunt-karma": {"name": "grunt-karma", "severity": "high", "isDirect": true, "via": ["grunt"], "effects": [], "range": "*", "nodes": ["node_modules/grunt-karma"], "fixAvailable": false}, "http-proxy-agent": {"name": "http-proxy-agent", "severity": "low", "isDirect": false, "via": ["@tootallnate/once"], "effects": ["jsdom"], "range": "4.0.1 - 5.0.0", "nodes": ["node_modules/jsdom/node_modules/http-proxy-agent"], "fixAvailable": {"name": "jest-environment-jsdom", "version": "30.3.0", "isSemVerMajor": true}}, "jest-environment-jsdom": {"name": "jest-environment-jsdom", "severity": "low", "isDirect": true, "via": ["jsdom"], "effects": [], "range": "27.0.1 - 30.0.0-rc.1", "nodes": ["node_modules/jest-environment-jsdom"], "fixAvailable": {"name": "jest-environment-jsdom", "version": "30.3.0", "isSemVerMajor": true}}, "jsdom": {"name": "jsdom", "severity": "low", "isDirect": false, "via": ["http-proxy-agent"], "effects": ["jest-environment-jsdom"], "range": "16.6.0 - 22.1.0", "nodes": ["node_modules/jsdom"], "fixAvailable": {"name": "jest-environment-jsdom", "version": "30.3.0", "isSemVerMajor": true}}, "lodash": {"name": "lodash", "severity": "high", "isDirect": false, "via": [{"source": 1112455, "name": "lodash", "dependency": "lodash", "title": "Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions", "url": "https://github.com/advisories/GHSA-xxjr-mmjv-4gpg", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": ">=4.0.0 <=4.17.22"}, {"source": 1115806, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Code Injection via `_.template` imports key names", "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc", "severity": "high", "cwe": ["CWE-94"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=4.0.0 <=4.17.23"}, {"source": 1115810, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`", "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<=4.17.23"}], "effects": [], "range": "<=4.17.23", "nodes": ["", "node_modules/lodash"], "fixAvailable": true}, "markdown-it": {"name": "markdown-it", "severity": "moderate", "isDirect": false, "via": [{"source": 1113190, "name": "markdown-it", "dependency": "markdown-it", "title": "markdown-it is has a Regular Expression Denial of Service (ReDoS)", "url": "https://github.com/advisories/GHSA-38c4-r59v-3vqw", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=13.0.0 <14.1.1"}], "effects": [], "range": "13.0.0 - 14.1.0", "nodes": [""], "fixAvailable": true}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1113459, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.3"}, {"source": 1113461, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=5.0.0 <5.1.7"}, {"source": 1113465, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=9.0.0 <9.0.6"}, {"source": 1113538, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.3"}, {"source": 1113540, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.0 <5.1.8"}, {"source": 1113544, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=9.0.0 <9.0.7"}, {"source": 1113546, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.4"}, {"source": 1113548, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.0 <5.1.8"}, {"source": 1113552, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=9.0.0 <9.0.7"}], "effects": ["editorconfig", "globule", "grunt"], "range": "<=3.1.3 || 5.0.0 - 5.1.7 || 9.0.0 - 9.0.6", "nodes": ["", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "node_modules/globule/node_modules/minimatch", "node_modules/grunt/node_modules/minimatch"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "mocha": {"name": "mocha", "severity": "high", "isDirect": false, "via": ["serialize-javascript"], "effects": ["@wdio/mocha-framework"], "range": "8.0.0 - 12.0.0-beta-2", "nodes": ["node_modules/mocha"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "openapi-validator": {"name": "openapi-validator", "severity": "high", "isDirect": false, "via": ["axios"], "effects": ["chai-openapi-response-validator"], "range": ">=0.14.2-alpha.0", "nodes": ["node_modules/openapi-validator"], "fixAvailable": {"name": "chai-openapi-response-validator", "version": "0.14.1", "isSemVerMajor": true}}, "picomatch": {"name": "picomatch", "severity": "high", "isDirect": false, "via": [{"source": 1115549, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching", "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<2.3.2"}, {"source": 1115551, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching", "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": ">=4.0.0 <4.0.4"}, {"source": 1115552, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers", "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<2.3.2"}, {"source": 1115554, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers", "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=4.0.0 <4.0.4"}], "effects": [], "range": "<=2.3.1 || 4.0.0 - 4.0.3", "nodes": ["", "", "", "", "", ""], "fixAvailable": true}, "qs": {"name": "qs", "severity": "low", "isDirect": false, "via": [{"source": 1113161, "name": "qs", "dependency": "qs", "title": "qs's arrayLimit bypass in comma parsing allows denial of service", "url": "https://github.com/advisories/GHSA-w7fw-mjwx-w883", "severity": "low", "cwe": ["CWE-20"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=6.7.0 <=6.14.1"}], "effects": [], "range": "6.7.0 - 6.14.1", "nodes": [""], "fixAvailable": true}, "serialize-javascript": {"name": "serialize-javascript", "severity": "high", "isDirect": false, "via": [{"source": 1113686, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()", "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq", "severity": "high", "cwe": ["CWE-96"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=7.0.2"}, {"source": 1115723, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects", "url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v", "severity": "moderate", "cwe": ["CWE-400", "CWE-834"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<7.0.5"}], "effects": ["mocha"], "range": "<=7.0.4", "nodes": ["node_modules/serialize-javascript"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "socket.io-parser": {"name": "socket.io-parser", "severity": "high", "isDirect": false, "via": [{"source": 1115154, "name": "socket.io-parser", "dependency": "socket.io-parser", "title": "socket.io allows an unbounded number of binary attachments", "url": "https://github.com/advisories/GHSA-677m-j7p3-52f9", "severity": "high", "cwe": ["CWE-754"], "cvss": {"score": 0, "vectorString": null}, "range": ">=4.0.0 <4.2.6"}], "effects": [], "range": "4.0.0 - 4.2.5", "nodes": [""], "fixAvailable": true}, "svgo": {"name": "svgo", "severity": "high", "isDirect": true, "via": [{"source": 1114151, "name": "svgo", "dependency": "svgo", "title": "SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)", "url": "https://github.com/advisories/GHSA-xpqw-6gx7-v673", "severity": "high", "cwe": ["CWE-776"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=3.0.0 <3.3.3"}], "effects": [], "range": "3.0.0 - 3.3.2", "nodes": ["node_modules/svgo"], "fixAvailable": {"name": "svgo", "version": "3.3.3", "isSemVerMajor": false}}, "underscore": {"name": "underscore", "severity": "high", "isDirect": false, "via": [{"source": 1113950, "name": "underscore", "dependency": "underscore", "title": "Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack", "url": "https://github.com/advisories/GHSA-qpx9-hpmf-5gmw", "severity": "high", "cwe": ["CWE-674", "CWE-770"], "cvss": {"score": 0, "vectorString": null}, "range": "<=1.13.7"}], "effects": [], "range": "<=1.13.7", "nodes": [""], "fixAvailable": true}, "undici": {"name": "undici", "severity": "high", "isDirect": false, "via": [{"source": 1114591, "name": "undici", "dependency": "undici", "title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client", "url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj", "severity": "high", "cwe": ["CWE-248", "CWE-1284"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.24.0"}, {"source": 1114592, "name": "undici", "dependency": "undici", "title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client", "url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj", "severity": "high", "cwe": ["CWE-248", "CWE-1284"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=6.0.0 <6.24.0"}, {"source": 1114593, "name": "undici", "dependency": "undici", "title": "Undici has an HTTP Request/Response Smuggling issue", "url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm", "severity": "moderate", "cwe": ["CWE-444"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": ">=7.0.0 <7.24.0"}, {"source": 1114594, "name": "undici", "dependency": "undici", "title": "Undici has an HTTP Request/Response Smuggling issue", "url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm", "severity": "moderate", "cwe": ["CWE-444"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<6.24.0"}, {"source": 1114637, "name": "undici", "dependency": "undici", "title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression", "url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q", "severity": "high", "cwe": ["CWE-409"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.24.0"}, {"source": 1114638, "name": "undici", "dependency": "undici", "title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression", "url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q", "severity": "high", "cwe": ["CWE-409"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.24.0"}, {"source": 1114639, "name": "undici", "dependency": "undici", "title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation", "url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8", "severity": "high", "cwe": ["CWE-248"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.24.0"}, {"source": 1114640, "name": "undici", "dependency": "undici", "title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation", "url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8", "severity": "high", "cwe": ["CWE-248"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.24.0"}, {"source": 1114641, "name": "undici", "dependency": "undici", "title": "Undici has CRLF Injection in undici via `upgrade` option", "url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq", "severity": "moderate", "cwe": ["CWE-93"], "cvss": {"score": 4.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}, "range": ">=7.0.0 <7.24.0"}, {"source": 1114642, "name": "undici", "dependency": "undici", "title": "Undici has CRLF Injection in undici via `upgrade` option", "url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq", "severity": "moderate", "cwe": ["CWE-93"], "cvss": {"score": 4.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}, "range": "<6.24.0"}, {"source": 1114643, "name": "undici", "dependency": "undici", "title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS", "url": "https://github.com/advisories/GHSA-phc3-fgpg-7m6h", "severity": "moderate", "cwe": ["CWE-770"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.17.0 <7.24.0"}], "effects": [], "range": "<=6.23.0 || 7.0.0 - 7.23.0", "nodes": ["", ""], "fixAvailable": true}, "yaml": {"name": "yaml", "severity": "moderate", "isDirect": false, "via": [{"source": 1115556, "name": "yaml", "dependency": "yaml", "title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections", "url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp", "severity": "moderate", "cwe": ["CWE-674"], "cvss": {"score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=2.0.0 <2.8.3"}], "effects": [], "range": "2.0.0 - 2.8.2", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 6, "moderate": 4, "high": 21, "critical": 2, "total": 33}, "dependencies": {"prod": 1, "dev": 1745, "optional": 38, "peer": 2, "peerOptional": 0, "total": 1745}}}}
{}
Upgrading n:svgo from 3.3.2 -> 3.3.3
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.4.0',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.4.0',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
added 2 packages, removed 3 packages, changed 54 packages, and audited 1719 packages in 10s
232 packages are looking for funding
run `npm fund` for details
# npm audit report
@tootallnate/once <3.0.1
@tootallnate/once vulnerable to Incorrect Control Flow Scoping - https://github.com/advisories/GHSA-vpq2-c234-7xj6
fix available via `npm audit fix --force`
Will install jest-environment-jsdom@30.3.0, which is a breaking change
node_modules/@tootallnate/once
http-proxy-agent 4.0.1 - 5.0.0
Depends on vulnerable versions of @tootallnate/once
node_modules/jsdom/node_modules/http-proxy-agent
jsdom 16.6.0 - 22.1.0
Depends on vulnerable versions of http-proxy-agent
node_modules/jsdom
jest-environment-jsdom 27.0.1 - 30.0.0-rc.1
Depends on vulnerable versions of jsdom
node_modules/jest-environment-jsdom
axios <=0.30.2
Severity: high
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL - https://github.com/advisories/GHSA-jr5f-v2jv-69x6
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig - https://github.com/advisories/GHSA-43fc-jf86-j433
fix available via `npm audit fix --force`
Will install chai-openapi-response-validator@0.14.1, which is a breaking change
node_modules/axios
openapi-validator >=0.14.2-alpha.0
Depends on vulnerable versions of axios
node_modules/openapi-validator
chai-openapi-response-validator 0.11.2 || >=0.14.2-alpha.0
Depends on vulnerable versions of openapi-validator
node_modules/chai-openapi-response-validator
lodash <=4.17.23
Severity: high
lodash vulnerable to Code Injection via `_.template` imports key names - https://github.com/advisories/GHSA-r5fr-rjxr-66jc
lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit` - https://github.com/advisories/GHSA-f23m-r3pf-42rh
No fix available
node_modules/lodash
grunt-legacy-log >=1.0.0-rc1
Depends on vulnerable versions of grunt-legacy-log-utils
Depends on vulnerable versions of lodash
node_modules/grunt-legacy-log
grunt >=0.4.0-a
Depends on vulnerable versions of grunt-legacy-log
Depends on vulnerable versions of grunt-legacy-util
Depends on vulnerable versions of minimatch
node_modules/grunt
grunt-eslint <=1.0.0 || >=18.1.0
Depends on vulnerable versions of grunt
node_modules/grunt-eslint
grunt-karma *
Depends on vulnerable versions of grunt
node_modules/grunt-karma
grunt-legacy-log-utils >=1.0.0
Depends on vulnerable versions of lodash
node_modules/grunt-legacy-log-utils
grunt-legacy-util >=1.0.0-rc1
Depends on vulnerable versions of lodash
node_modules/grunt-legacy-util
minimatch <=3.1.3
Severity: high
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
fix available via `npm audit fix --force`
Will install grunt-contrib-watch@0.4.4, which is a breaking change
node_modules/globule/node_modules/minimatch
node_modules/grunt/node_modules/minimatch
globule *
Depends on vulnerable versions of minimatch
node_modules/globule
gaze >=0.4.0
Depends on vulnerable versions of globule
node_modules/gaze
grunt-contrib-watch >=0.5.0
Depends on vulnerable versions of gaze
node_modules/grunt-contrib-watch
serialize-javascript <=7.0.4
Severity: high
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - https://github.com/advisories/GHSA-5c6j-r48x-rmvq
Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects - https://github.com/advisories/GHSA-qj8w-gfj5-8c6v
fix available via `npm audit fix --force`
Will install @wdio/mocha-framework@6.1.17, which is a breaking change
node_modules/serialize-javascript
mocha 8.0.0 - 12.0.0-beta-2
Depends on vulnerable versions of serialize-javascript
node_modules/mocha
@wdio/mocha-framework >=6.1.19
Depends on vulnerable versions of mocha
node_modules/@wdio/mocha-framework
21 vulnerabilities (4 low, 17 high)
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.4.0',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.4.0',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated osenv@0.1.5: This package is no longer supported.
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated whatwg-encoding@3.1.1: Use @exodus/bytes instead for a more spec-conformant and faster implementation
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 1718 packages, and audited 1719 packages in 39s
232 packages are looking for funding
run `npm fund` for details
21 vulnerabilities (4 low, 17 high)
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
PASS tests/jest/mediawiki.special.block/stores/block.test.js
PASS tests/jest/mediawiki.special.block/BlockLog.test.js
PASS tests/jest/mediawiki.special.block/UserLookup.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/App.test.js
PASS tests/jest/mediawiki.special.block/ExpiryField.test.js
PASS tests/jest/mediawiki.languageselector/LookupLanguageSelector.test.js
PASS tests/jest/mediawiki.languageselector/MultiselectLookupLanguageSelector.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/instrumentation.test.js
PASS tests/jest/mediawiki.languageselector/useLanguageSelector.test.js
PASS tests/jest/mediawiki.special.block/ReasonField.test.js
PASS tests/jest/mediawiki.special.block/AdditionalDetailsField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/fetch.test.js
PASS tests/jest/mediawiki.page.ready/updateThumbnailsToPreferredSize.test.js
PASS tests/jest/mediawiki.languageselector/factory.test.js
PASS tests/jest/mediawiki.special.block/util.test.js
PASS tests/jest/mediawiki.special.block/BlockDetailsField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/restSearchClient.test.js
PASS tests/jest/mediawiki.special.block/init.test.js
PASS tests/jest/mediawiki.special.block/NamespacesField.test.js
PASS tests/jest/mediawiki.languageselector/languageSearch.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/urlGenerator.test.js
PASS tests/jest/mediawiki.special.block/SpecialBlock.test.js (13.602 s)
Test Suites: 22 passed, 22 total
Tests: 143 passed, 143 total
Snapshots: 3 passed, 3 total
Time: 21.406 s
Ran all test suites.
--- stdout ---
> test
> grunt lint && npm run doc && npm run jest
Running "eslint:all" (eslint) task
/src/repo/resources/src/jquery.lengthLimit.js
41:1 warning Syntax error in namepath: '$.fn.trimByteLength' jsdoc/valid-types
/src/repo/resources/src/jquery/jquery.makeCollapsible.js
441:1 warning Syntax error in namepath: ~'wikipage.collapsibleContent' jsdoc/valid-types
/src/repo/resources/src/mediawiki.action.edit/edit.js
12:1 warning Syntax error in namepath: ~'wikipage.editform' jsdoc/valid-types
/src/repo/resources/src/mediawiki.action/mediawiki.action.view.postEdit.js
21:1 warning Syntax error in namepath: ~'postEdit' jsdoc/valid-types
36:1 warning Syntax error in namepath: ~'postEdit.afterRemoval' jsdoc/valid-types
/src/repo/resources/src/mediawiki.api/index.js
213:1 warning The type 'JSON.parse' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.authenticationPopup/AuthPopup.js
181:1 warning The type 'AuthPopup.CheckLoggedIn' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.base/errorLogger.js
8:1 warning Syntax error in namepath: ~'global.error' jsdoc/valid-types
22:1 warning Syntax error in namepath: ~'error.caught' jsdoc/valid-types
/src/repo/resources/src/mediawiki.base/log.js
14:1 warning Found more than one @return declaration jsdoc/require-returns
14:1 warning Found more than one @return declaration jsdoc/require-returns-check
/src/repo/resources/src/mediawiki.base/mediawiki.base.js
248:1 warning The type 'mediawiki.inspect.runReports' is undefined jsdoc/no-undefined-types
274:1 warning The type 'mediawiki.inspect.js.html' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.diff/inlineFormatToggle.js
150:1 warning Syntax error in namepath: ~'wikipage.diff.wikitextDiffBody' jsdoc/valid-types
162:1 warning Syntax error in namepath: ~'wikipage.diff.diffTypeSwitch' jsdoc/valid-types
/src/repo/resources/src/mediawiki.editRecovery/edit.js
184:1 warning Syntax error in namepath: ~'editRecovery.loadEnd' jsdoc/valid-types
/src/repo/resources/src/mediawiki.htmlform/cond-state.js
48:1 warning Found more than one @return declaration jsdoc/require-returns-check
/src/repo/resources/src/mediawiki.htmlform/htmlform.js
5:1 warning Syntax error in namepath: ~'htmlform.enhance' jsdoc/valid-types
/src/repo/resources/src/mediawiki.inspect.js
112:2 warning Found more than one @return declaration jsdoc/require-returns
112:2 warning Found more than one @return declaration jsdoc/require-returns-check
309:18 warning Avoid direct access to localStorage. Use mw.storage instead mediawiki/no-storage
/src/repo/resources/src/mediawiki.jqueryMsg/mediawiki.jqueryMsg.js
148:1 warning Found more than one @return declaration jsdoc/require-returns
148:1 warning Found more than one @return declaration jsdoc/require-returns-check
/src/repo/resources/src/mediawiki.languageselector/LookupLanguageSelector.vue
7:3 warning Attribute ":id" should go before ":menu-config" vue/attributes-order
/src/repo/resources/src/mediawiki.languageselector/MultiselectLookupLanguageSelector.vue
8:3 warning Attribute ":id" should go before ":menu-config" vue/attributes-order
/src/repo/resources/src/mediawiki.notification.convertmessagebox.js
13:1 warning Syntax error in namepath: (require("mediawiki.notification.convertmessagebox")) jsdoc/valid-types
/src/repo/resources/src/mediawiki.page.gallery.slideshow.js
138:22 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
143:22 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
/src/repo/resources/src/mediawiki.page.preview.js
404:1 warning Syntax error in namepath: ~'wikipage.tableOfContents' jsdoc/valid-types
685:1 warning The type 'Hooks.wikipage.categories' is undefined jsdoc/no-undefined-types
686:1 warning The type 'Hooks.wikipage.content' is undefined jsdoc/no-undefined-types
687:1 warning The type 'Hooks.wikipage.diff' is undefined jsdoc/no-undefined-types
688:1 warning The type 'Hooks.wikipage.indicators' is undefined jsdoc/no-undefined-types
689:1 warning The type 'Hooks.wikipage.tableOfContents' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.page.ready/ready.js
99:1 warning Syntax error in namepath: ~'wikipage.indicators' jsdoc/valid-types
119:1 warning Syntax error in namepath: ~'wikipage.content' jsdoc/valid-types
140:1 warning Syntax error in namepath: ~'wikipage.categories' jsdoc/valid-types
153:1 warning The type 'Hooks.wikipage.content' is undefined jsdoc/no-undefined-types
156:1 warning Syntax error in namepath: ~'wikipage.diff' jsdoc/valid-types
187:1 warning Syntax error in namepath: ~'skin.logout' jsdoc/valid-types
333:7 warning Avoid direct access to sessionStorage. Use mw.storage.session instead mediawiki/no-storage
/src/repo/resources/src/mediawiki.page.watch.ajax/watch-ajax.js
130:1 warning Syntax error in namepath: ~'wikipage.watchlistChange' jsdoc/valid-types
154:1 warning The type 'Hooks.wikipage.watchlistChange' is undefined jsdoc/no-undefined-types
180:1 warning The type 'Hooks.wikipage.watchlistChange' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.rcfilters/Controller.js
330:1 warning Found more than one @return declaration jsdoc/require-returns
330:1 warning Found more than one @return declaration jsdoc/require-returns-check
550:1 warning Syntax error in namepath: ~'RcFilters.highlight.enable' jsdoc/valid-types
/src/repo/resources/src/mediawiki.rcfilters/dm/FilterItem.js
81:1 warning Found more than one @return declaration jsdoc/require-returns
81:1 warning Found more than one @return declaration jsdoc/require-returns-check
335:1 warning The type 'update' is undefined jsdoc/no-undefined-types
351:1 warning The type 'update' is undefined jsdoc/no-undefined-types
366:1 warning The type 'update' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.rcfilters/dm/FiltersViewModel.js
1200:1 warning The type 'searchChange' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.rcfilters/mw.rcfilters.js
204:1 warning Syntax error in namepath: ~'structuredChangeFilters.ui.initialized' jsdoc/valid-types
/src/repo/resources/src/mediawiki.rcfilters/ui/FilterTagMultiselectWidget.js
107:21 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
112:24 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
428:1 warning Syntax error in namepath: ~'RcFilters.popup.open' jsdoc/valid-types
/src/repo/resources/src/mediawiki.rcfilters/ui/FilterWrapperWidget.js
69:28 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
/src/repo/resources/src/mediawiki.rcfilters/ui/HighlightColorPickerWidget.js
36:17 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
/src/repo/resources/src/mediawiki.rcfilters/ui/SavedLinksListItemWidget.js
27:20 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
59:20 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
/src/repo/resources/src/mediawiki.router/router.js
211:3 warning Unused eslint-disable directive (no problems were reported from 'prefer-const')
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/App.vue
76:3 warning Prop 'router' requires default value to be set vue/require-default-prop
225:1 warning The type 'AbortableSearchFetch' is undefined jsdoc/no-undefined-types
310:1 warning The type 'SearchSubmitEvent' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/fetch.js
21:1 warning The type 'RequestInit' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/instrumentation.js
2:1 warning The type 'FetchEndEvent' is undefined jsdoc/no-undefined-types
16:1 warning The type 'SuggestionClickEvent' is undefined jsdoc/no-undefined-types
16:1 warning The type 'SearchSubmitEvent' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/restSearchClient.js
4:1 warning Syntax error in type: import('./urlGenerator.js').UrlGenerator jsdoc/valid-types
17:1 warning The type 'RestResult' is undefined jsdoc/no-undefined-types
24:1 warning The type 'SearchResult' is undefined jsdoc/no-undefined-types
108:1 warning The type 'fetchRecommendationByTitle' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/urlGenerator.js
2:1 warning The type 'Record' is undefined jsdoc/no-undefined-types
9:1 warning The type 'RestResult' is undefined jsdoc/no-undefined-types
9:1 warning The type 'SearchResult' is undefined jsdoc/no-undefined-types
30:1 warning The type 'RestResult' is undefined jsdoc/no-undefined-types
30:1 warning The type 'SearchResult' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.special.apisandbox/ApiSandbox.js
501:9 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
/src/repo/resources/src/mediawiki.special.apisandbox/ApiSandboxLayout.js
44:1 warning Found more than one @return declaration jsdoc/require-returns
44:1 warning Found more than one @return declaration jsdoc/require-returns-check
403:19 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
584:7 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
/src/repo/resources/src/mediawiki.special.block/init.js
26:1 warning Syntax error in namepath: ~'SpecialBlock.block' jsdoc/valid-types
36:1 warning Syntax error in namepath: ~'SpecialBlock.form' jsdoc/valid-types
/src/repo/resources/src/mediawiki.util/util.js
590:1 warning The type 'Hooks.util.addPortlet' is undefined jsdoc/no-undefined-types
629:1 warning Syntax error in namepath: ~'util.addPortlet' jsdoc/valid-types
703:1 warning The type 'Hooks.util.addPortletLink' is undefined jsdoc/no-undefined-types
798:1 warning Syntax error in namepath: ~'util.addPortletLink' jsdoc/valid-types
/src/repo/resources/src/mediawiki.widgets.datetime/CalendarWidget.js
114:5 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
120:5 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
/src/repo/resources/src/mediawiki.widgets.datetime/DateTimeInputWidget.js
449:23 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
/src/repo/resources/src/mediawiki.widgets/mw.widgets.CalendarWidget.js
355:22 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
363:19 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
369:21 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
375:21 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
/src/repo/resources/src/startup/mediawiki.loader.js
61:1 warning Syntax error in namepath: ~'resourceloader.exception' jsdoc/valid-types
✖ 97 problems (0 errors, 97 warnings)
0 errors and 3 warnings potentially fixable with the `--fix` option.
Running "banana:core" (banana) task
>> 1 message directory checked.
Running "banana:botpasswords" (banana) task
>> 1 message directory checked.
Running "banana:codex" (banana) task
>> 1 message directory checked.
Running "banana:datetime" (banana) task
>> 1 message directory checked.
Running "banana:exif" (banana) task
>> 1 message directory checked.
Running "banana:nontranslatable" (banana) task
>> 1 message directory checked.
Running "banana:interwiki" (banana) task
>> 1 message directory checked.
Running "banana:preferences" (banana) task
>> 1 message directory checked.
Running "banana:userrights" (banana) task
>> 1 message directory checked.
Running "banana:languageconverter" (banana) task
>> 1 message directory checked.
Running "banana:api" (banana) task
>> 1 message directory checked.
Running "banana:rest" (banana) task
>> 1 message directory checked.
Running "banana:installer" (banana) task
>> 1 message directory checked.
Running "banana:paramvalidator" (banana) task
>> 1 message directory checked.
Running "stylelint:resources" (stylelint) task
>> resources/src/mediawiki.special.apisandbox/apisandbox.less
>> 118:3 ⚠ Unexpected browser feature "css-resize" is not supported by Safari on iOS 10.0-10.2,10.3,11.0-11.2,11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4,14.5-14.8,15.0-15.1,15.2-15.3,15.4,15.5,15.6-15.8,16.0,16.1,16.2,16.3,16.4,16.5,16.6-16.7,17.0,17.1,17.2,17.3,17.4,17.5,17.6-17.7,18.0,18.1,18.2,18.3,18.4,18.5-18.6,26.0 plugin/no-unsupported-browser-features
>>
>> resources/src/mediawiki.special.watchlistlabels/labelmanager.less
>> 8:1 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Edge 79,80,81,83, Firefox 49,50,51,52,53,54,55,56,57,58,59,60,61,62, Chrome 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,83, Safari 10,11,12,13,14,10.1,11.1,12.1,13.1, Safari on iOS 10.0-10.2,10.3,11.0-11.2,11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
>>
>> resources/src/mediawiki.special.watchlistlabels/LabelOnboarding.vue
>> 160:1 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Edge 79,80,81,83, Firefox 49,50,51,52,53,54,55,56,57,58,59,60,61,62, Chrome 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,83, Safari 10,11,12,13,14,10.1,11.1,12.1,13.1, Safari on iOS 10.0-10.2,10.3,11.0-11.2,11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
>>
>> resources/src/mediawiki.special/userrights.less
>> 28:4 ⚠ Unexpected browser feature "css-has" is not supported by Edge 79,80,81,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104, Firefox 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120, Chrome 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104, Safari 10,11,12,13,14,15,10.1,11.1,12.1,13.1,14.1,15.1,15.2-15.3, Safari on iOS 10.0-10.2,10.3,11.0-11.2,11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4,14.5-14.8,15.0-15.1,15.2-15.3 plugin/no-unsupported-browser-features
>>
>> ⚠ 4 problems (0 errors, 4 warnings)
⚠ 4 warnings
>> Linted 222 files without errors
Running "stylelint:config" (stylelint) task
>> Linted 1 files without errors
Done.
> doc
> jsdoc -c jsdoc.json
> jest
> jest --config tests/jest/jest.config.js
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
All files | 92.77 | 88.53 | 77.22 | 92.77 |
mediawiki.skinning.typeaheadSearch | 85.8 | 78.18 | 56.25 | 85.8 |
App.vue | 76.21 | 69.23 | 16.66 | 76.21 | 176,211-213,218-221,229-253,257-264,273-283,293-306,313-314,318-322,326,330-333,338-341,345-349,354,359-360,366-368
TypeaheadSearchWrapper.vue | 94.24 | 66.66 | 100 | 94.24 | 54-61
fetch.js | 100 | 88.88 | 75 | 100 | 31
instrumentation.js | 82.82 | 100 | 60 | 82.82 | 4-13,18-24
restSearchClient.js | 97.53 | 77.77 | 85.71 | 97.53 | 121-123,142
urlGenerator.js | 88.33 | 66.66 | 100 | 88.33 | 43-49
mediawiki.special.block | 92.43 | 91.54 | 82.35 | 92.43 |
SpecialBlock.vue | 91.54 | 91.11 | 72.72 | 91.54 | 271-280,323-328,334-348,455-472,487-488,499-501
init.js | 100 | 100 | 100 | 100 |
util.js | 94.64 | 90.9 | 100 | 94.64 | 82-84,86-88
mediawiki.special.block/components | 95.09 | 91.23 | 88.09 | 95.09 |
AdditionalDetailsField.vue | 100 | 80 | 100 | 100 | 67
BlockDetailsField.vue | 100 | 100 | 100 | 100 |
BlockLog.vue | 98.94 | 100 | 83.33 | 98.94 | 337-340,401
BlockTypeField.vue | 95.04 | 50 | 100 | 95.04 | 73-77
ConfirmationDialog.vue | 96.34 | 100 | 50 | 96.34 | 70-72
ExpiryField.vue | 94.92 | 87.17 | 100 | 94.92 | 153-154,156-157,185-194,200,255-256
NamespacesField.vue | 90.42 | 88.88 | 66.66 | 90.42 | 60-68
PagesField.vue | 70.06 | 50 | 50 | 70.06 | 46-47,56-57,72-79,88-90,97-118,127-133
ReasonField.vue | 96.89 | 91.3 | 100 | 96.89 | 64,114-117
UserLookup.vue | 97.75 | 95.23 | 100 | 97.75 | 146-148,197-199,232-233
ValidatingTextInput.js | 100 | 100 | 100 | 100 |
mediawiki.special.block/stores | 95.85 | 86.66 | 90 | 95.85 |
block.js | 95.85 | 86.66 | 90 | 95.85 | 341-342,455-456,458-459,479-480,483-484,487-488,506-521
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
--- end ---
{"1113714": {"source": 1113714, "name": "ajv", "dependency": "ajv", "title": "ajv has ReDoS when using `$data` option", "url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6", "severity": "moderate", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<6.14.0"}, "1113715": {"source": 1113715, "name": "ajv", "dependency": "ajv", "title": "ajv has ReDoS when using `$data` option", "url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6", "severity": "moderate", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=7.0.0-alpha.0 <8.18.0"}}
Upgrading n:ajv from 6.12.6, 8.17.1 -> 6.14.0, 8.18.0
{"1113518": {"source": 1113518, "name": "basic-ftp", "dependency": "basic-ftp", "title": "Basic FTP has Path Traversal Vulnerability in its downloadToDir()\u00a0method", "url": "https://github.com/advisories/GHSA-5rq4-664w-9x2c", "severity": "critical", "cwe": ["CWE-22"], "cvss": {"score": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}, "range": "<5.2.0"}}
Upgrading n:basic-ftp from 5.1.0 -> 5.2.0
{"1115540": {"source": 1115540, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": "<1.1.13"}, "1115541": {"source": 1115541, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": ">=2.0.0 <2.0.3"}}
Upgrading n:brace-expansion from 1.1.12, 2.0.2 -> 1.1.13, 2.0.3
{"1112705": {"source": 1112705, "name": "diff", "dependency": "diff", "title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch", "url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx", "severity": "low", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=5.0.0 <5.2.2"}}
Upgrading n:diff from 5.2.0, 8.0.3 -> 5.2.2, 8.0.3
{}
{"1113153": {"source": 1113153, "name": "fast-xml-parser", "dependency": "fast-xml-parser", "title": "fast-xml-parser has RangeError DoS Numeric Entities Bug", "url": "https://github.com/advisories/GHSA-37qj-frw5-hhjh", "severity": "high", "cwe": ["CWE-20", "CWE-248"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.9 <=5.3.3"}, "1113568": {"source": 1113568, "name": "fast-xml-parser", "dependency": "fast-xml-parser", "title": "fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names", "url": "https://github.com/advisories/GHSA-m7jm-9gc2-mpf2", "severity": "critical", "cwe": ["CWE-185"], "cvss": {"score": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N"}, "range": ">=5.0.0 <5.3.5"}, "1113569": {"source": 1113569, "name": "fast-xml-parser", "dependency": "fast-xml-parser", "title": "fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)", "url": "https://github.com/advisories/GHSA-jmr7-xgp7-cmfj", "severity": "high", "cwe": ["CWE-776"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.0 <5.3.6"}, "1114153": {"source": 1114153, "name": "fast-xml-parser", "dependency": "fast-xml-parser", "title": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder", "url": "https://github.com/advisories/GHSA-fj3w-jwp8-x2g3", "severity": "low", "cwe": ["CWE-120"], "cvss": {"score": 0, "vectorString": null}, "range": ">=5.0.0 <5.3.8"}, "1115339": {"source": 1115339, "name": "fast-xml-parser", "dependency": "fast-xml-parser", "title": "fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits (incomplete fix for CVE-2026-26278)", "url": "https://github.com/advisories/GHSA-8gc5-j5rx-235r", "severity": "high", "cwe": ["CWE-776"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.0 <5.5.6"}, "1115359": {"source": 1115359, "name": "fast-xml-parser", "dependency": "fast-xml-parser", "title": "Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser", "url": "https://github.com/advisories/GHSA-jp2q-39xq-3w4g", "severity": "moderate", "cwe": ["CWE-1284"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=4.0.0-beta.3 <=5.5.6"}}
Upgrading n:fast-xml-parser from 5.3.3 -> 5.5.10
{"1114526": {"source": 1114526, "name": "flatted", "dependency": "flatted", "title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase", "url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f", "severity": "high", "cwe": ["CWE-674"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.4.0"}, "1115357": {"source": 1115357, "name": "flatted", "dependency": "flatted", "title": "Prototype Pollution via parse() in NodeJS flatted", "url": "https://github.com/advisories/GHSA-rf6f-7fwh-wjgh", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 0, "vectorString": null}, "range": "<=3.4.1"}}
Upgrading n:flatted from 3.3.3 -> 3.4.2
{"1112455": {"source": 1112455, "name": "lodash", "dependency": "lodash", "title": "Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions", "url": "https://github.com/advisories/GHSA-xxjr-mmjv-4gpg", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": ">=4.0.0 <=4.17.22"}, "1115806": {"source": 1115806, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Code Injection via `_.template` imports key names", "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc", "severity": "high", "cwe": ["CWE-94"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=4.0.0 <=4.17.23"}, "1115810": {"source": 1115810, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`", "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<=4.17.23"}}
Upgrading n:lodash from 4.17.21 -> 4.17.23
{"1113190": {"source": 1113190, "name": "markdown-it", "dependency": "markdown-it", "title": "markdown-it is has a Regular Expression Denial of Service (ReDoS)", "url": "https://github.com/advisories/GHSA-38c4-r59v-3vqw", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=13.0.0 <14.1.1"}}
Upgrading n:markdown-it from 14.1.0 -> 14.1.1
{"1115549": {"source": 1115549, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching", "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<2.3.2"}, "1115551": {"source": 1115551, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching", "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": ">=4.0.0 <4.0.4"}, "1115552": {"source": 1115552, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers", "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<2.3.2"}, "1115554": {"source": 1115554, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers", "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=4.0.0 <4.0.4"}}
Upgrading n:picomatch from 2.3.1, 4.0.3 -> 2.3.2, 4.0.4
{"1113161": {"source": 1113161, "name": "qs", "dependency": "qs", "title": "qs's arrayLimit bypass in comma parsing allows denial of service", "url": "https://github.com/advisories/GHSA-w7fw-mjwx-w883", "severity": "low", "cwe": ["CWE-20"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=6.7.0 <=6.14.1"}}
Upgrading n:qs from 6.14.1 -> 6.14.2
{"1115154": {"source": 1115154, "name": "socket.io-parser", "dependency": "socket.io-parser", "title": "socket.io allows an unbounded number of binary attachments", "url": "https://github.com/advisories/GHSA-677m-j7p3-52f9", "severity": "high", "cwe": ["CWE-754"], "cvss": {"score": 0, "vectorString": null}, "range": ">=4.0.0 <4.2.6"}}
Upgrading n:socket.io-parser from 4.2.4 -> 4.2.6
{"1113950": {"source": 1113950, "name": "underscore", "dependency": "underscore", "title": "Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack", "url": "https://github.com/advisories/GHSA-qpx9-hpmf-5gmw", "severity": "high", "cwe": ["CWE-674", "CWE-770"], "cvss": {"score": 0, "vectorString": null}, "range": "<=1.13.7"}}
Upgrading n:underscore from 1.13.7 -> 1.13.8
{"1114591": {"source": 1114591, "name": "undici", "dependency": "undici", "title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client", "url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj", "severity": "high", "cwe": ["CWE-248", "CWE-1284"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.24.0"}, "1114592": {"source": 1114592, "name": "undici", "dependency": "undici", "title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client", "url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj", "severity": "high", "cwe": ["CWE-248", "CWE-1284"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=6.0.0 <6.24.0"}, "1114593": {"source": 1114593, "name": "undici", "dependency": "undici", "title": "Undici has an HTTP Request/Response Smuggling issue", "url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm", "severity": "moderate", "cwe": ["CWE-444"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": ">=7.0.0 <7.24.0"}, "1114594": {"source": 1114594, "name": "undici", "dependency": "undici", "title": "Undici has an HTTP Request/Response Smuggling issue", "url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm", "severity": "moderate", "cwe": ["CWE-444"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<6.24.0"}, "1114637": {"source": 1114637, "name": "undici", "dependency": "undici", "title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression", "url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q", "severity": "high", "cwe": ["CWE-409"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.24.0"}, "1114638": {"source": 1114638, "name": "undici", "dependency": "undici", "title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression", "url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q", "severity": "high", "cwe": ["CWE-409"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.24.0"}, "1114639": {"source": 1114639, "name": "undici", "dependency": "undici", "title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation", "url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8", "severity": "high", "cwe": ["CWE-248"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.24.0"}, "1114640": {"source": 1114640, "name": "undici", "dependency": "undici", "title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation", "url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8", "severity": "high", "cwe": ["CWE-248"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.24.0"}, "1114641": {"source": 1114641, "name": "undici", "dependency": "undici", "title": "Undici has CRLF Injection in undici via `upgrade` option", "url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq", "severity": "moderate", "cwe": ["CWE-93"], "cvss": {"score": 4.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}, "range": ">=7.0.0 <7.24.0"}, "1114642": {"source": 1114642, "name": "undici", "dependency": "undici", "title": "Undici has CRLF Injection in undici via `upgrade` option", "url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq", "severity": "moderate", "cwe": ["CWE-93"], "cvss": {"score": 4.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}, "range": "<6.24.0"}, "1114643": {"source": 1114643, "name": "undici", "dependency": "undici", "title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS", "url": "https://github.com/advisories/GHSA-phc3-fgpg-7m6h", "severity": "moderate", "cwe": ["CWE-770"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.17.0 <7.24.0"}}
Upgrading n:undici from 6.23.0, 7.19.1 -> 6.24.1, 7.24.7
{"1115556": {"source": 1115556, "name": "yaml", "dependency": "yaml", "title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections", "url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp", "severity": "moderate", "cwe": ["CWE-674"], "cvss": {"score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=2.0.0 <2.8.3"}}
Upgrading n:yaml from 2.8.2 -> 2.8.3
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
build: Updating npm dependencies
* api-testing: 1.7.1 → 1.7.3
* jsdoc-wmf-theme: 1.1.0 → 1.2.0
* svgo: 3.3.2 → 3.3.3
* ajv: 6.12.6, 8.17.1 → 6.14.0, 8.18.0
* https://github.com/advisories/GHSA-2g4f-4pwh-qvx6
* basic-ftp: 5.1.0 → 5.2.0
* https://github.com/advisories/GHSA-5rq4-664w-9x2c
* brace-expansion: 1.1.12, 2.0.2 → 1.1.13, 2.0.3
* https://github.com/advisories/GHSA-f886-m6hf-6m8v
* diff: 5.2.0, 8.0.3 → 5.2.2, 8.0.3
* https://github.com/advisories/GHSA-73rr-hh4g-fpgx
* fast-xml-parser: 5.3.3 → 5.5.10
* https://github.com/advisories/GHSA-37qj-frw5-hhjh
* https://github.com/advisories/GHSA-8gc5-j5rx-235r
* https://github.com/advisories/GHSA-fj3w-jwp8-x2g3
* https://github.com/advisories/GHSA-jmr7-xgp7-cmfj
* https://github.com/advisories/GHSA-jp2q-39xq-3w4g
* https://github.com/advisories/GHSA-m7jm-9gc2-mpf2
* flatted: 3.3.3 → 3.4.2
* https://github.com/advisories/GHSA-25h7-pfq9-p65f
* https://github.com/advisories/GHSA-rf6f-7fwh-wjgh
* lodash: 4.17.21 → 4.17.23
* https://github.com/advisories/GHSA-f23m-r3pf-42rh
* https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
* markdown-it: 14.1.0 → 14.1.1
* https://github.com/advisories/GHSA-38c4-r59v-3vqw
* picomatch: 2.3.1, 4.0.3 → 2.3.2, 4.0.4
* https://github.com/advisories/GHSA-3v7f-55p6-f55p
* https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
* qs: 6.14.1 → 6.14.2
* https://github.com/advisories/GHSA-w7fw-mjwx-w883
* socket.io-parser: 4.2.4 → 4.2.6
* https://github.com/advisories/GHSA-677m-j7p3-52f9
* underscore: 1.13.7 → 1.13.8
* https://github.com/advisories/GHSA-qpx9-hpmf-5gmw
* undici: 6.23.0, 7.19.1 → 6.24.1, 7.24.7
* https://github.com/advisories/GHSA-2mjp-6q6p-2qxm
* https://github.com/advisories/GHSA-4992-7rv2-5pvq
* https://github.com/advisories/GHSA-f269-vfmq-vjvj
* https://github.com/advisories/GHSA-phc3-fgpg-7m6h
* https://github.com/advisories/GHSA-v9p9-hfj2-hcw8
* https://github.com/advisories/GHSA-vrm6-8vpv-qv8q
* yaml: 2.8.2 → 2.8.3
* https://github.com/advisories/GHSA-48c2-rrv3-qjmp
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmplhw4xv66
--- stdout ---
[master d825cf4] build: Updating npm dependencies
2 files changed, 255 insertions(+), 316 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From d825cf48b0a47b9b703b0441283716f86bc1798f Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Mon, 6 Apr 2026 00:19:50 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* api-testing: 1.7.1 → 1.7.3
* jsdoc-wmf-theme: 1.1.0 → 1.2.0
* svgo: 3.3.2 → 3.3.3
* ajv: 6.12.6, 8.17.1 → 6.14.0, 8.18.0
* https://github.com/advisories/GHSA-2g4f-4pwh-qvx6
* basic-ftp: 5.1.0 → 5.2.0
* https://github.com/advisories/GHSA-5rq4-664w-9x2c
* brace-expansion: 1.1.12, 2.0.2 → 1.1.13, 2.0.3
* https://github.com/advisories/GHSA-f886-m6hf-6m8v
* diff: 5.2.0, 8.0.3 → 5.2.2, 8.0.3
* https://github.com/advisories/GHSA-73rr-hh4g-fpgx
* fast-xml-parser: 5.3.3 → 5.5.10
* https://github.com/advisories/GHSA-37qj-frw5-hhjh
* https://github.com/advisories/GHSA-8gc5-j5rx-235r
* https://github.com/advisories/GHSA-fj3w-jwp8-x2g3
* https://github.com/advisories/GHSA-jmr7-xgp7-cmfj
* https://github.com/advisories/GHSA-jp2q-39xq-3w4g
* https://github.com/advisories/GHSA-m7jm-9gc2-mpf2
* flatted: 3.3.3 → 3.4.2
* https://github.com/advisories/GHSA-25h7-pfq9-p65f
* https://github.com/advisories/GHSA-rf6f-7fwh-wjgh
* lodash: 4.17.21 → 4.17.23
* https://github.com/advisories/GHSA-f23m-r3pf-42rh
* https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
* markdown-it: 14.1.0 → 14.1.1
* https://github.com/advisories/GHSA-38c4-r59v-3vqw
* picomatch: 2.3.1, 4.0.3 → 2.3.2, 4.0.4
* https://github.com/advisories/GHSA-3v7f-55p6-f55p
* https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
* qs: 6.14.1 → 6.14.2
* https://github.com/advisories/GHSA-w7fw-mjwx-w883
* socket.io-parser: 4.2.4 → 4.2.6
* https://github.com/advisories/GHSA-677m-j7p3-52f9
* underscore: 1.13.7 → 1.13.8
* https://github.com/advisories/GHSA-qpx9-hpmf-5gmw
* undici: 6.23.0, 7.19.1 → 6.24.1, 7.24.7
* https://github.com/advisories/GHSA-2mjp-6q6p-2qxm
* https://github.com/advisories/GHSA-4992-7rv2-5pvq
* https://github.com/advisories/GHSA-f269-vfmq-vjvj
* https://github.com/advisories/GHSA-phc3-fgpg-7m6h
* https://github.com/advisories/GHSA-v9p9-hfj2-hcw8
* https://github.com/advisories/GHSA-vrm6-8vpv-qv8q
* yaml: 2.8.2 → 2.8.3
* https://github.com/advisories/GHSA-48c2-rrv3-qjmp
Change-Id: Ia549481bfa66a2fa34fa56ba49333409c364bf39
---
package-lock.json | 565 +++++++++++++++++++++-------------------------
package.json | 6 +-
2 files changed, 255 insertions(+), 316 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index ea60c14..468c9f5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -19,7 +19,7 @@
"@wikimedia/codex": "2.4.0",
"@wikimedia/codex-icons": "2.4.0",
"@wikimedia/karma-firefox-launcher": "2.1.3",
- "api-testing": "1.7.1",
+ "api-testing": "1.7.3",
"chai-openapi-response-validator": "^0.14.2",
"domino": "2.1.0",
"dotenv": "8.2.0",
@@ -34,7 +34,7 @@
"jest-environment-jsdom": "29.7.0",
"jest-fetch-mock": "3.0.3",
"jsdoc": "4.0.5",
- "jsdoc-wmf-theme": "1.1.0",
+ "jsdoc-wmf-theme": "1.2.0",
"karma": "6.4.1",
"karma-chrome-launcher": "3.1.0",
"karma-mocha-reporter": "2.2.5",
@@ -42,7 +42,7 @@
"pinia": "2.0.16",
"qunit": "2.24.1",
"stylelint-config-wikimedia": "0.18.0",
- "svgo": "3.3.2",
+ "svgo": "3.3.3",
"vue": "3.5.13",
"wdio-mediawiki": "file:tests/selenium/wdio-mediawiki",
"xml2js": "^0.6.2"
@@ -2516,11 +2516,10 @@
}
},
"node_modules/@eslint/eslintrc/node_modules/ajv": {
- "version": "6.12.6",
- "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
- "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
+ "version": "6.14.0",
+ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz",
+ "integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==",
"dev": true,
- "license": "MIT",
"dependencies": {
"fast-deep-equal": "^3.1.1",
"fast-json-stable-stringify": "^2.0.0",
@@ -2533,11 +2532,10 @@
}
},
"node_modules/@eslint/eslintrc/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -2592,11 +2590,10 @@
"license": "MIT"
},
"node_modules/@eslint/eslintrc/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -2698,22 +2695,20 @@
}
},
"node_modules/@humanwhocodes/config-array/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
}
},
"node_modules/@humanwhocodes/config-array/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -3967,11 +3962,10 @@
}
},
"node_modules/@jest/reporters/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -4085,11 +4079,10 @@
}
},
"node_modules/@jest/reporters/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -4495,7 +4488,6 @@
"resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-1.8.0.tgz",
"integrity": "sha512-jCs9ldd7NwzpgXDIf6P3+NrHh9/sD6CQdxHyjQI+h/6rDNo88ypBxxz45UDuZHz9r3tNz7N/VInSVoVdtXEI4A==",
"dev": true,
- "license": "MIT",
"engines": {
"node": "^14.21.3 || >=16"
},
@@ -4549,11 +4541,10 @@
"license": "MIT"
},
"node_modules/@paralleldrive/cuid2": {
- "version": "2.2.2",
- "resolved": "https://registry.npmjs.org/@paralleldrive/cuid2/-/cuid2-2.2.2.tgz",
- "integrity": "sha512-ZOBkgDwEdoYVlSeRbYYXs0S9MejQofiVYoTbKzy/6GQa39/q5tQU2IX46+shYnUkpEl3wc+J6wRlar7r2EK2xA==",
+ "version": "2.3.1",
+ "resolved": "https://registry.npmjs.org/@paralleldrive/cuid2/-/cuid2-2.3.1.tgz",
+ "integrity": "sha512-XO7cAxhnTZl0Yggq6jOgjiOHhbgcO4NqFqwSmQpjK3b6TEE6Uj/jfSk6wzYyemh3+I0sHirKSetjQwn5cZktFw==",
"dev": true,
- "license": "MIT",
"dependencies": {
"@noble/hashes": "^1.1.5"
}
@@ -4848,16 +4839,6 @@
"integrity": "sha512-C5Mc6rdnsaJDjO3UpGW/CQTHtCKaYlScZTly4JIu97Jxo/odCiH0ITnDXSJPTOrEKk/ycSZ0AOgTmkDtkOsvIA==",
"dev": true
},
- "node_modules/@trysound/sax": {
- "version": "0.2.0",
- "resolved": "https://registry.npmjs.org/@trysound/sax/-/sax-0.2.0.tgz",
- "integrity": "sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA==",
- "dev": true,
- "license": "ISC",
- "engines": {
- "node": ">=10.13.0"
- }
- },
"node_modules/@types/babel__core": {
"version": "7.20.5",
"resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz",
@@ -6110,11 +6091,10 @@
}
},
"node_modules/ajv": {
- "version": "8.17.1",
- "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz",
- "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==",
+ "version": "8.18.0",
+ "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.18.0.tgz",
+ "integrity": "sha512-PlXPeEWMXMZ7sPYOHqmDyCJzcfNrUr3fGNKtezX14ykXOEIvyK81d+qydx89KY5O71FKMPaQ2vBfBFI5NHR63A==",
"dev": true,
- "license": "MIT",
"dependencies": {
"fast-deep-equal": "^3.1.3",
"fast-uri": "^3.0.1",
@@ -6236,11 +6216,10 @@
}
},
"node_modules/anymatch/node_modules/picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=8.6"
},
@@ -6249,14 +6228,13 @@
}
},
"node_modules/api-testing": {
- "version": "1.7.1",
- "resolved": "https://registry.npmjs.org/api-testing/-/api-testing-1.7.1.tgz",
- "integrity": "sha512-h6eqLa9uOOpbBXGN6/s91GquV1YprC1XLVtWIRv/25XWFRqHibIBwuXjqcUqFSsU1fgYvfclSMRXuUcCvEmX6A==",
+ "version": "1.7.3",
+ "resolved": "https://registry.npmjs.org/api-testing/-/api-testing-1.7.3.tgz",
+ "integrity": "sha512-wvXUqkiflOur6kI57onNt2BQ6Hse0BRCIzThc1W7W4LEfVvLUCyKOp8EQna9tKqMZ7K1Rz/ptrCSzHe9XEo+Bw==",
"dev": true,
- "license": "ISC",
"dependencies": {
"chai": "4.5.0",
- "supertest": "7.1.0"
+ "supertest": "7.2.2"
},
"engines": {
"node": ">= 14.18.0"
@@ -6446,8 +6424,7 @@
"version": "2.0.6",
"resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz",
"integrity": "sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA==",
- "dev": true,
- "license": "MIT"
+ "dev": true
},
"node_modules/assertion-error": {
"version": "1.1.0",
@@ -6914,9 +6891,9 @@
}
},
"node_modules/basic-ftp": {
- "version": "5.1.0",
- "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.1.0.tgz",
- "integrity": "sha512-RkaJzeJKDbaDWTIPiJwubyljaEPwpVWkm9Rt5h9Nd6h7tEXTJ3VB4qxdZBioV7JO5yLUaOKwz7vDOzlncUsegw==",
+ "version": "5.2.0",
+ "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.2.0.tgz",
+ "integrity": "sha512-VoMINM2rqJwJgfdHq6RiUudKt2BV+FY5ZFezP/ypmwayk68+NzzAQy4XXLlqsGD4MCzq3DrmNFD/uUmBJuGoXw==",
"dev": true,
"engines": {
"node": ">=10.0.0"
@@ -7036,11 +7013,10 @@
"license": "ISC"
},
"node_modules/brace-expansion": {
- "version": "2.0.2",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
- "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+ "version": "2.0.3",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.3.tgz",
+ "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0"
}
@@ -7441,9 +7417,9 @@
}
},
"node_modules/cheerio/node_modules/undici": {
- "version": "7.19.1",
- "resolved": "https://registry.npmjs.org/undici/-/undici-7.19.1.tgz",
- "integrity": "sha512-Gpq0iNm5M6cQWlyHQv9MV+uOj1jWk7LpkoE5vSp/7zjb4zMdAcUD+VL5y0nH4p9EbUklq00eVIIX/XcDHzu5xg==",
+ "version": "7.24.7",
+ "resolved": "https://registry.npmjs.org/undici/-/undici-7.24.7.tgz",
+ "integrity": "sha512-H/nlJ/h0ggGC+uRL3ovD+G0i4bqhvsDOpbDv7At5eFLlj2b41L8QliGbnl2H7SnDiYhENphh1tQFJZf+MyfLsQ==",
"dev": true,
"engines": {
"node": ">=20.18.1"
@@ -7730,7 +7706,6 @@
"resolved": "https://registry.npmjs.org/component-emitter/-/component-emitter-1.3.1.tgz",
"integrity": "sha512-T0+barUSQRTUQASh8bx02dl+DhF54GtIDY13Y3m9oWTklKbb3Wv974meRpeZ3lp1JpLVECWWNHC4vaG2XHXouQ==",
"dev": true,
- "license": "MIT",
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
@@ -7872,12 +7847,20 @@
"node": ">= 0.6"
}
},
+ "node_modules/cookie-signature": {
+ "version": "1.2.2",
+ "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.2.2.tgz",
+ "integrity": "sha512-D76uU73ulSXrD1UXF4KE2TMxVVwhsnCgfAyTg9k8P6KGZjlXKrOLe4dJQKI3Bxi5wjesZoFXJWElNWBjPZMbhg==",
+ "dev": true,
+ "engines": {
+ "node": ">=6.6.0"
+ }
+ },
"node_modules/cookiejar": {
"version": "2.1.4",
"resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.4.tgz",
"integrity": "sha512-LDx6oHrK+PhzLKJU9j5S7/Y3jM/mUHvD/DeI1WQmJn652iPC5Y4TBzC9l+5OMOXlyTTA+SmVUPm0HQUwpD5Jqw==",
- "dev": true,
- "license": "MIT"
+ "dev": true
},
"node_modules/core-js-compat": {
"version": "3.45.1",
@@ -8612,7 +8595,6 @@
"resolved": "https://registry.npmjs.org/dezalgo/-/dezalgo-1.0.4.tgz",
"integrity": "sha512-rXSP0bf+5n0Qonsb+SVVfNfIsimO4HEtmnIpPHY8Q1UCzKlQrDMfdobr8nJOOsRgWCyMRqeSBQzmWUMq7zvVig==",
"dev": true,
- "license": "ISC",
"dependencies": {
"asap": "^2.0.0",
"wrappy": "1"
@@ -8958,15 +8940,14 @@
}
},
"node_modules/editorconfig": {
- "version": "1.0.4",
- "resolved": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.4.tgz",
- "integrity": "sha512-L9Qe08KWTlqYMVvMcTIvMAdl1cDUubzRNYL+WfA4bLDMHe4nemKkpmYzkznE1FwLKu0EEmy6obgQKzMJrg4x9Q==",
+ "version": "1.0.7",
+ "resolved": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.7.tgz",
+ "integrity": "sha512-e0GOtq/aTQhVdNyDU9e02+wz9oDDM+SIOQxWME2QRjzRX5yyLAuHDE+0aE8vHb9XRC8XD37eO2u57+F09JqFhw==",
"dev": true,
- "license": "MIT",
"dependencies": {
"@one-ini/wasm": "0.1.1",
"commander": "^10.0.0",
- "minimatch": "9.0.1",
+ "minimatch": "^9.0.1",
"semver": "^7.5.3"
},
"bin": {
@@ -8986,22 +8967,6 @@
"node": ">=14"
}
},
- "node_modules/editorconfig/node_modules/minimatch": {
- "version": "9.0.1",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.1.tgz",
- "integrity": "sha512-0jWhJpD/MdhPXwPuiRkCbfYfSKp2qnn2eOc279qI7f+osl/l+prKSrvhg157zSYvx/1nmgn2NqdT6k2Z7zSH9w==",
- "dev": true,
- "license": "ISC",
- "dependencies": {
- "brace-expansion": "^2.0.1"
- },
- "engines": {
- "node": ">=16 || 14 >=14.17"
- },
- "funding": {
- "url": "https://github.com/sponsors/isaacs"
- }
- },
"node_modules/editorconfig/node_modules/semver": {
"version": "7.7.2",
"resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz",
@@ -10279,11 +10244,10 @@
}
},
"node_modules/eslint/node_modules/ajv": {
- "version": "6.12.6",
- "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
- "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
+ "version": "6.14.0",
+ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz",
+ "integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==",
"dev": true,
- "license": "MIT",
"dependencies": {
"fast-deep-equal": "^3.1.1",
"fast-json-stable-stringify": "^2.0.0",
@@ -10312,11 +10276,10 @@
}
},
"node_modules/eslint/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -10464,11 +10427,10 @@
}
},
"node_modules/eslint/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -11028,8 +10990,7 @@
"version": "2.1.1",
"resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz",
"integrity": "sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA==",
- "dev": true,
- "license": "MIT"
+ "dev": true
},
"node_modules/fast-uri": {
"version": "3.1.0",
@@ -11048,10 +11009,25 @@
],
"license": "BSD-3-Clause"
},
+ "node_modules/fast-xml-builder": {
+ "version": "1.1.4",
+ "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.1.4.tgz",
+ "integrity": "sha512-f2jhpN4Eccy0/Uz9csxh3Nu6q4ErKxf0XIsasomfOihuSUa3/xw6w8dnOtCDgEItQFJG8KyXPzQXzcODDrrbOg==",
+ "dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/NaturalIntelligence"
+ }
+ ],
+ "dependencies": {
+ "path-expression-matcher": "^1.1.3"
+ }
+ },
"node_modules/fast-xml-parser": {
- "version": "5.3.3",
- "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.3.3.tgz",
- "integrity": "sha512-2O3dkPAAC6JavuMm8+4+pgTk+5hoAs+CjZ+sWcQLkX9+/tHRuTkQh/Oaifr8qDmZ8iEHb771Ea6G8CdwkrgvYA==",
+ "version": "5.5.10",
+ "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.5.10.tgz",
+ "integrity": "sha512-go2J2xODMc32hT+4Xr/bBGXMaIoiCwrwp2mMtAvKyvEFW6S/v5Gn2pBmE4nvbwNjGhpcAiOwEv7R6/GZ6XRa9w==",
"dev": true,
"funding": [
{
@@ -11060,7 +11036,9 @@
}
],
"dependencies": {
- "strnum": "^2.1.0"
+ "fast-xml-builder": "^1.1.4",
+ "path-expression-matcher": "^1.2.1",
+ "strnum": "^2.2.2"
},
"bin": {
"fxparser": "src/cli/cli.js"
@@ -11156,9 +11134,9 @@
}
},
"node_modules/filelist/node_modules/minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
"dependencies": {
"brace-expansion": "^2.0.1"
@@ -11312,11 +11290,10 @@
}
},
"node_modules/flatted": {
- "version": "3.3.3",
- "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.3.tgz",
- "integrity": "sha512-GX+ysw4PBCz0PzosHDepZGANEuFCMLrnRTiEy9McGjmkCQYwRq4A/X786G/fjM/+OjsWSU1ZrY5qyARZmO/uwg==",
- "dev": true,
- "license": "ISC"
+ "version": "3.4.2",
+ "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.2.tgz",
+ "integrity": "sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==",
+ "dev": true
},
"node_modules/follow-redirects": {
"version": "1.15.11",
@@ -11380,11 +11357,10 @@
}
},
"node_modules/form-data": {
- "version": "4.0.4",
- "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.4.tgz",
- "integrity": "sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==",
+ "version": "4.0.5",
+ "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz",
+ "integrity": "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"asynckit": "^0.4.0",
"combined-stream": "^1.0.8",
@@ -11401,7 +11377,6 @@
"resolved": "https://registry.npmjs.org/formidable/-/formidable-3.5.4.tgz",
"integrity": "sha512-YikH+7CUTOtP44ZTnUhR7Ic2UASBPOqmaRkRKxRbywPTe5VxF7RRCck4af9wutiZ/QKM5nME9Bie2fFaPz5Gug==",
"dev": true,
- "license": "MIT",
"dependencies": {
"@paralleldrive/cuid2": "^2.2.2",
"dezalgo": "^1.0.4",
@@ -11815,11 +11790,10 @@
}
},
"node_modules/globule/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -12434,11 +12408,10 @@
}
},
"node_modules/grunt/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -13881,11 +13854,10 @@
}
},
"node_modules/jest-config/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -13977,11 +13949,10 @@
}
},
"node_modules/jest-config/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -15112,11 +15083,10 @@
}
},
"node_modules/jest-runtime/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -15228,11 +15198,10 @@
}
},
"node_modules/jest-runtime/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -15555,11 +15524,10 @@
}
},
"node_modules/jest-util/node_modules/picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=8.6"
},
@@ -15960,15 +15928,15 @@
}
},
"node_modules/jsdoc-wmf-theme": {
- "version": "1.1.0",
- "resolved": "https://registry.npmjs.org/jsdoc-wmf-theme/-/jsdoc-wmf-theme-1.1.0.tgz",
- "integrity": "sha512-0BQMgaSBmdGRVSiyAF7SMm1mTS59Y5vpPHAFFABcZRL15TIc5UyL88DtrrA1nuKL+jgTBsMgaeu8NDfNstC8RA==",
+ "version": "1.2.0",
+ "resolved": "https://registry.npmjs.org/jsdoc-wmf-theme/-/jsdoc-wmf-theme-1.2.0.tgz",
+ "integrity": "sha512-4eWBcH+3KrAg+qrTOJoNxWqLtra63TbCBXCxsaTvz4x5VsXN4e63/9S4dACX+8GLflcnAEZMp9IJK8RlMwMJ0g==",
"dev": true,
- "license": "Apache-2.0",
"dependencies": {
"@jsdoc/salty": "^0.2.8",
"@wikimedia/codex-design-tokens": "1.1.1",
"domino": "^2.1.6",
+ "jsdoc": "^4.0.5",
"jsdoc-class-hierarchy": "1.1.2",
"lunr": "2.3.9",
"marked": "^12.0.2",
@@ -16374,11 +16342,10 @@
}
},
"node_modules/karma/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -16484,11 +16451,10 @@
}
},
"node_modules/karma/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -16510,11 +16476,10 @@
}
},
"node_modules/karma/node_modules/picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=8.6"
},
@@ -16845,11 +16810,10 @@
}
},
"node_modules/lodash": {
- "version": "4.17.21",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
- "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
- "dev": true,
- "license": "MIT"
+ "version": "4.17.23",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
+ "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+ "dev": true
},
"node_modules/lodash.clonedeep": {
"version": "4.5.0",
@@ -17062,11 +17026,10 @@
}
},
"node_modules/markdown-it": {
- "version": "14.1.0",
- "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.0.tgz",
- "integrity": "sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==",
+ "version": "14.1.1",
+ "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.1.tgz",
+ "integrity": "sha512-BuU2qnTti9YKgK5N+IeMubp14ZUKUUw7yeJbkjtosvHiP0AZ5c8IAgEMk79D0eC8F23r4Ac/q8cAIFdm2FtyoA==",
"dev": true,
- "license": "MIT",
"dependencies": {
"argparse": "^2.0.1",
"entities": "^4.4.0",
@@ -17183,7 +17146,6 @@
"resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
"integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">= 0.6"
}
@@ -17203,11 +17165,10 @@
}
},
"node_modules/micromatch/node_modules/picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=8.6"
},
@@ -17272,13 +17233,12 @@
}
},
"node_modules/minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
- "license": "ISC",
"dependencies": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -17466,11 +17426,10 @@
"license": "MIT"
},
"node_modules/mocha/node_modules/diff": {
- "version": "5.2.0",
- "resolved": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz",
- "integrity": "sha512-uIFDxqpRZGZ6ThOk84hEfqWoHx2devRFvpTZcTHur85vImfaxUbTW9Ryh4CpCuDnToOP1CEtXKIgytHBPVff5A==",
+ "version": "5.2.2",
+ "resolved": "https://registry.npmjs.org/diff/-/diff-5.2.2.tgz",
+ "integrity": "sha512-vtcDfH3TOjP8UekytvnHH1o1P4FcUdt4eQ1Y+Abap1tk/OB2MWQvcwS2ClCd1zuIhc3JKOx6p3kod8Vfys3E+A==",
"dev": true,
- "license": "BSD-3-Clause",
"engines": {
"node": ">=0.3.1"
}
@@ -17603,11 +17562,10 @@
}
},
"node_modules/mocha/node_modules/minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^2.0.1"
},
@@ -17632,11 +17590,10 @@
}
},
"node_modules/mocha/node_modules/picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=8.6"
},
@@ -17775,22 +17732,20 @@
}
},
"node_modules/multimatch/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
}
},
"node_modules/multimatch/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -18465,6 +18420,21 @@
"node": ">=8"
}
},
+ "node_modules/path-expression-matcher": {
+ "version": "1.2.1",
+ "resolved": "https://registry.npmjs.org/path-expression-matcher/-/path-expression-matcher-1.2.1.tgz",
+ "integrity": "sha512-d7gQQmLvAKXKXE2GeP9apIGbMYKz88zWdsn/BN2HRWVQsDFdUY36WSLTY0Jvd4HWi7Fb30gQ62oAOzdgJA6fZw==",
+ "dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/NaturalIntelligence"
+ }
+ ],
+ "engines": {
+ "node": ">=14.0.0"
+ }
+ },
"node_modules/path-is-absolute": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
@@ -18591,11 +18561,10 @@
"license": "ISC"
},
"node_modules/picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=12"
},
@@ -19045,9 +19014,9 @@
}
},
"node_modules/qs": {
- "version": "6.14.1",
- "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz",
- "integrity": "sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==",
+ "version": "6.14.2",
+ "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
+ "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
"dev": true,
"dependencies": {
"side-channel": "^1.1.0"
@@ -19415,9 +19384,9 @@
}
},
"node_modules/readdir-glob/node_modules/minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
"dependencies": {
"brace-expansion": "^2.0.1"
@@ -19466,9 +19435,9 @@
}
},
"node_modules/recursive-readdir/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
"dependencies": {
"balanced-match": "^1.0.0",
@@ -19476,9 +19445,9 @@
}
},
"node_modules/recursive-readdir/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"dependencies": {
"brace-expansion": "^1.1.7"
@@ -19795,11 +19764,10 @@
}
},
"node_modules/rimraf/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -19828,11 +19796,10 @@
}
},
"node_modules/rimraf/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -19980,11 +19947,13 @@
"license": "MIT"
},
"node_modules/sax": {
- "version": "1.4.1",
- "resolved": "https://registry.npmjs.org/sax/-/sax-1.4.1.tgz",
- "integrity": "sha512-+aWOz7yVScEGoKNd4PA10LZ8sk0A/z5+nXQG5giUO5rprX9jgYsTdov9qCchZiPIZezbZH+jRut8nPodFAX4Jg==",
+ "version": "1.6.0",
+ "resolved": "https://registry.npmjs.org/sax/-/sax-1.6.0.tgz",
+ "integrity": "sha512-6R3J5M4AcbtLUdZmRv2SygeVaM7IhrLXu9BmnOGmmACak8fiUtOsYNWUS4uK7upbmHIBbLBeFeI//477BKLBzA==",
"dev": true,
- "license": "ISC"
+ "engines": {
+ "node": ">=11.0.0"
+ }
},
"node_modules/saxes": {
"version": "6.0.0",
@@ -20317,37 +20286,18 @@
}
},
"node_modules/socket.io-parser": {
- "version": "4.2.4",
- "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.2.4.tgz",
- "integrity": "sha512-/GbIKmo8ioc+NIWIhwdecY0ge+qVBSMdgxGygevmdHj24bsfgtCmcUUcQ5ZzcylGFHsN3k4HB4Cgkl96KVnuew==",
+ "version": "4.2.6",
+ "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.2.6.tgz",
+ "integrity": "sha512-asJqbVBDsBCJx0pTqw3WfesSY0iRX+2xzWEWzrpcH7L6fLzrhyF8WPI8UaeM4YCuDfpwA/cgsdugMsmtz8EJeg==",
"dev": true,
- "license": "MIT",
"dependencies": {
"@socket.io/component-emitter": "~3.1.0",
- "debug": "~4.3.1"
+ "debug": "~4.4.1"
},
"engines": {
"node": ">=10.0.0"
}
},
- "node_modules/socket.io-parser/node_modules/debug": {
- "version": "4.3.7",
- "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.7.tgz",
- "integrity": "sha512-Er2nc/H7RrMXZBFCEim6TCmMk02Z8vLC2Rbi1KEBggpo0fS6l0S1nnapwmIi3yW/+GOJap1Krg4w0Hg80oCqgQ==",
- "dev": true,
- "license": "MIT",
- "dependencies": {
- "ms": "^2.1.3"
- },
- "engines": {
- "node": ">=6.0"
- },
- "peerDependenciesMeta": {
- "supports-color": {
- "optional": true
- }
- }
- },
"node_modules/socket.io/node_modules/debug": {
"version": "4.3.7",
"resolved": "https://registry.npmjs.org/debug/-/debug-4.3.7.tgz",
@@ -20812,9 +20762,9 @@
}
},
"node_modules/strnum": {
- "version": "2.1.2",
- "resolved": "https://registry.npmjs.org/strnum/-/strnum-2.1.2.tgz",
- "integrity": "sha512-l63NF9y/cLROq/yqKXSLtcMeeyOfnSQlfMSlzFt/K73oIaD8DGaQWd7Z34X9GPiKqP5rbSh84Hl4bOlLcjiSrQ==",
+ "version": "2.2.2",
+ "resolved": "https://registry.npmjs.org/strnum/-/strnum-2.2.2.tgz",
+ "integrity": "sha512-DnR90I+jtXNSTXWdwrEy9FakW7UX+qUZg28gj5fk2vxxl7uS/3bpI4fjFYVmdK9etptYBPNkpahuQnEwhwECqA==",
"dev": true,
"funding": [
{
@@ -21413,37 +21363,34 @@
}
},
"node_modules/superagent": {
- "version": "9.0.2",
- "resolved": "https://registry.npmjs.org/superagent/-/superagent-9.0.2.tgz",
- "integrity": "sha512-xuW7dzkUpcJq7QnhOsnNUgtYp3xRwpt2F7abdRYIpCsAt0hhUqia0EdxyXZQQpNmGtsCzYHryaKSV3q3GJnq7w==",
- "deprecated": "Please upgrade to superagent v10.2.2+, see release notes at https://github.com/forwardemail/superagent/releases/tag/v10.2.2 - maintenance is supported by Forward Email @ https://forwardemail.net",
+ "version": "10.3.0",
+ "resolved": "https://registry.npmjs.org/superagent/-/superagent-10.3.0.tgz",
+ "integrity": "sha512-B+4Ik7ROgVKrQsXTV0Jwp2u+PXYLSlqtDAhYnkkD+zn3yg8s/zjA2MeGayPoY/KICrbitwneDHrjSotxKL+0XQ==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "component-emitter": "^1.3.0",
+ "component-emitter": "^1.3.1",
"cookiejar": "^2.1.4",
- "debug": "^4.3.4",
+ "debug": "^4.3.7",
"fast-safe-stringify": "^2.1.1",
- "form-data": "^4.0.0",
- "formidable": "^3.5.1",
+ "form-data": "^4.0.5",
+ "formidable": "^3.5.4",
"methods": "^1.1.2",
"mime": "2.6.0",
- "qs": "^6.11.0"
+ "qs": "^6.14.1"
},
"engines": {
"node": ">=14.18.0"
}
},
"node_modules/supertest": {
- "version": "7.1.0",
- "resolved": "https://registry.npmjs.org/supertest/-/supertest-7.1.0.tgz",
- "integrity": "sha512-5QeSO8hSrKghtcWEoPiO036fxH0Ii2wVQfFZSP0oqQhmjk8bOLhDFXr4JrvaFmPuEWUoq4znY3uSi8UzLKxGqw==",
- "deprecated": "Please upgrade to supertest v7.1.3+, see release notes at https://github.com/forwardemail/supertest/releases/tag/v7.1.3 - maintenance is supported by Forward Email @ https://forwardemail.net",
+ "version": "7.2.2",
+ "resolved": "https://registry.npmjs.org/supertest/-/supertest-7.2.2.tgz",
+ "integrity": "sha512-oK8WG9diS3DlhdUkcFn4tkNIiIbBx9lI2ClF8K+b2/m8Eyv47LSawxUzZQSNKUrVb2KsqeTDCcjAAVPYaSLVTA==",
"dev": true,
- "license": "MIT",
"dependencies": {
+ "cookie-signature": "^1.2.2",
"methods": "^1.1.2",
- "superagent": "^9.0.1"
+ "superagent": "^10.3.0"
},
"engines": {
"node": ">=14.18.0"
@@ -21522,19 +21469,18 @@
"dev": true
},
"node_modules/svgo": {
- "version": "3.3.2",
- "resolved": "https://registry.npmjs.org/svgo/-/svgo-3.3.2.tgz",
- "integrity": "sha512-OoohrmuUlBs8B8o6MB2Aevn+pRIH9zDALSR+6hhqVfa6fRwG/Qw9VUMSMW9VNg2CFc/MTIfabtdOVl9ODIJjpw==",
+ "version": "3.3.3",
+ "resolved": "https://registry.npmjs.org/svgo/-/svgo-3.3.3.tgz",
+ "integrity": "sha512-+wn7I4p7YgJhHs38k2TNjy1vCfPIfLIJWR5MnCStsN8WuuTcBnRKcMHQLMM2ijxGZmDoZwNv8ipl5aTTen62ng==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@trysound/sax": "0.2.0",
"commander": "^7.2.0",
"css-select": "^5.1.0",
"css-tree": "^2.3.1",
"css-what": "^6.1.0",
"csso": "^5.0.5",
- "picocolors": "^1.0.0"
+ "picocolors": "^1.0.0",
+ "sax": "^1.5.0"
},
"bin": {
"svgo": "bin/svgo"
@@ -21671,11 +21617,10 @@
}
},
"node_modules/test-exclude/node_modules/brace-expansion": {
- "version": "1.1.12",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
- "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+ "version": "1.1.13",
+ "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+ "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
- "license": "MIT",
"dependencies": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@@ -21704,11 +21649,10 @@
}
},
"node_modules/test-exclude/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"brace-expansion": "^1.1.7"
},
@@ -22105,11 +22049,10 @@
}
},
"node_modules/underscore": {
- "version": "1.13.7",
- "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.13.7.tgz",
- "integrity": "sha512-GMXzWtsc57XAtguZgaQViUOzs0KTkk8ojr3/xAxXLITqf/3EMwxC0inyETfDFjH/Krbhuep0HNbbjI9i/q3F3g==",
- "dev": true,
- "license": "MIT"
+ "version": "1.13.8",
+ "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.13.8.tgz",
+ "integrity": "sha512-DXtD3ZtEQzc7M8m4cXotyHR+FAS18C64asBYY5vqZexfYryNNnDc02W4hKg3rdQuqOYas1jkseX0+nZXjTXnvQ==",
+ "dev": true
},
"node_modules/underscore.string": {
"version": "3.3.6",
@@ -22126,9 +22069,9 @@
}
},
"node_modules/undici": {
- "version": "6.23.0",
- "resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
- "integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
+ "version": "6.24.1",
+ "resolved": "https://registry.npmjs.org/undici/-/undici-6.24.1.tgz",
+ "integrity": "sha512-sC+b0tB1whOCzbtlx20fx3WgCXwkW627p4EA9uM+/tNNPkSS+eSEld6pAs9nDv7WbY1UUljBMYPtu9BCOrCWKA==",
"dev": true,
"engines": {
"node": ">=18.17"
@@ -22621,8 +22564,10 @@
}
},
"node_modules/wdio-mediawiki": {
- "resolved": "tests/selenium/wdio-mediawiki",
- "link": true
+ "version": "6.5.0",
+ "resolved": "file:tests/selenium/wdio-mediawiki",
+ "dev": true,
+ "license": "MIT"
},
"node_modules/webdriver": {
"version": "9.23.2",
@@ -23090,11 +23035,10 @@
"license": "ISC"
},
"node_modules/yaml": {
- "version": "2.8.2",
- "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.2.tgz",
- "integrity": "sha512-mplynKqc1C2hTVYxd0PU2xQAc22TI1vShAYGksCCfxbn/dFwnHTNi1bvYsBTkhdUNtGIf5xNOg938rrSSYvS9A==",
+ "version": "2.8.3",
+ "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz",
+ "integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==",
"dev": true,
- "license": "ISC",
"bin": {
"yaml": "bin.mjs"
},
@@ -23355,11 +23299,6 @@
"dependencies": {
"safe-buffer": "~5.2.0"
}
- },
- "tests/selenium/wdio-mediawiki": {
- "version": "6.5.0",
- "dev": true,
- "license": "MIT"
}
}
}
diff --git a/package.json b/package.json
index bbcbd75..d3fa8ee 100644
--- a/package.json
+++ b/package.json
@@ -26,7 +26,7 @@
"@wikimedia/codex": "2.4.0",
"@wikimedia/codex-icons": "2.4.0",
"@wikimedia/karma-firefox-launcher": "2.1.3",
- "api-testing": "1.7.1",
+ "api-testing": "1.7.3",
"chai-openapi-response-validator": "^0.14.2",
"domino": "2.1.0",
"dotenv": "8.2.0",
@@ -41,7 +41,7 @@
"jest-environment-jsdom": "29.7.0",
"jest-fetch-mock": "3.0.3",
"jsdoc": "4.0.5",
- "jsdoc-wmf-theme": "1.1.0",
+ "jsdoc-wmf-theme": "1.2.0",
"karma": "6.4.1",
"karma-chrome-launcher": "3.1.0",
"karma-mocha-reporter": "2.2.5",
@@ -49,7 +49,7 @@
"pinia": "2.0.16",
"qunit": "2.24.1",
"stylelint-config-wikimedia": "0.18.0",
- "svgo": "3.3.2",
+ "svgo": "3.3.3",
"vue": "3.5.13",
"wdio-mediawiki": "file:tests/selenium/wdio-mediawiki",
"xml2js": "^0.6.2"
--
2.47.3
--- end ---