This run took 171 seconds.
From bfff96afbd6d9217657f578b10ae1e9dbb865da0 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 22 May 2026 06:52:37 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* @babel/plugin-transform-modules-systemjs: 7.17.8 → 7.29.4
* https://github.com/advisories/GHSA-fv7c-fp4j-7gwp
* fast-uri: 3.0.5 → 3.1.2
* https://github.com/advisories/GHSA-q3j6-qgpj-74h6
* https://github.com/advisories/GHSA-v39h-62p7-jpjc
* js-cookie: 3.0.5 → 3.0.7
* https://github.com/advisories/GHSA-qjx8-664m-686j
* qs: 6.14.0, 6.15.1 → 6.14.2, 6.15.1
* https://github.com/advisories/GHSA-6rw7-vpxm-498p
* https://github.com/advisories/GHSA-w7fw-mjwx-w883
* ws: 8.18.0 → 8.20.1
* https://github.com/advisories/GHSA-58qx-3vcg-4xpx
Change-Id: I5982c1d67c2bf41488321f45c73e6458eae203db
---
package-lock.json | 365 ++++++++++++++++++++++------------------------
1 file changed, 176 insertions(+), 189 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 8f3089a..1f02109 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -56,14 +56,14 @@
}
},
"node_modules/@babel/code-frame": {
- "version": "7.26.2",
- "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.26.2.tgz",
- "integrity": "sha512-RJlIHRueQgwWitWgF8OdFYGZX328Ax5BCemNGlqHfplnRT9ESi8JkFlvaVYbS+UubVY6dpv87Fs2u5M29iNFVQ==",
+ "version": "7.29.0",
+ "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz",
+ "integrity": "sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw==",
"dev": true,
"dependencies": {
- "@babel/helper-validator-identifier": "^7.25.9",
+ "@babel/helper-validator-identifier": "^7.28.5",
"js-tokens": "^4.0.0",
- "picocolors": "^1.0.0"
+ "picocolors": "^1.1.1"
},
"engines": {
"node": ">=6.9.0"
@@ -115,15 +115,15 @@
"dev": true
},
"node_modules/@babel/generator": {
- "version": "7.26.5",
- "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.26.5.tgz",
- "integrity": "sha512-2caSP6fN9I7HOe6nqhtft7V4g7/V/gfDsC3Ag4W7kEzzvRGKqiv0pu0HogPiZ3KaVSoNDhUws6IJjDjpfmYIXw==",
+ "version": "7.29.1",
+ "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.29.1.tgz",
+ "integrity": "sha512-qsaF+9Qcm2Qv8SRIMMscAvG4O3lJ0F1GuMo5HR/Bp02LopNgnZBC/EkbevHFeGs4ls/oPz9v+Bsmzbkbe+0dUw==",
"dev": true,
"dependencies": {
- "@babel/parser": "^7.26.5",
- "@babel/types": "^7.26.5",
- "@jridgewell/gen-mapping": "^0.3.5",
- "@jridgewell/trace-mapping": "^0.3.25",
+ "@babel/parser": "^7.29.0",
+ "@babel/types": "^7.29.0",
+ "@jridgewell/gen-mapping": "^0.3.12",
+ "@jridgewell/trace-mapping": "^0.3.28",
"jsesc": "^3.0.2"
},
"engines": {
@@ -131,17 +131,13 @@
}
},
"node_modules/@babel/generator/node_modules/@jridgewell/gen-mapping": {
- "version": "0.3.8",
- "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.8.tgz",
- "integrity": "sha512-imAbBGkb+ebQyxKgzv5Hu2nmROxoDOXHh80evxdoXNOrvAnVx7zimzc1Oo5h9RlfV4vPXaE2iM5pOFbvOCClWA==",
+ "version": "0.3.13",
+ "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz",
+ "integrity": "sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==",
"dev": true,
"dependencies": {
- "@jridgewell/set-array": "^1.2.1",
- "@jridgewell/sourcemap-codec": "^1.4.10",
+ "@jridgewell/sourcemap-codec": "^1.5.0",
"@jridgewell/trace-mapping": "^0.3.24"
- },
- "engines": {
- "node": ">=6.0.0"
}
},
"node_modules/@babel/helper-annotate-as-pure": {
@@ -292,14 +288,11 @@
"node": ">=6.9.0"
}
},
- "node_modules/@babel/helper-hoist-variables": {
- "version": "7.22.5",
- "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz",
- "integrity": "sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw==",
+ "node_modules/@babel/helper-globals": {
+ "version": "7.28.0",
+ "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.28.0.tgz",
+ "integrity": "sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw==",
"dev": true,
- "dependencies": {
- "@babel/types": "^7.22.5"
- },
"engines": {
"node": ">=6.9.0"
}
@@ -317,27 +310,27 @@
}
},
"node_modules/@babel/helper-module-imports": {
- "version": "7.25.9",
- "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.25.9.tgz",
- "integrity": "sha512-tnUA4RsrmflIM6W6RFTLFSXITtl0wKjgpnLgXyowocVPrbYrLUXSBXDgTs8BlbmIzIdlBySRQjINYs2BAkiLtw==",
+ "version": "7.28.6",
+ "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.28.6.tgz",
+ "integrity": "sha512-l5XkZK7r7wa9LucGw9LwZyyCUscb4x37JWTPz7swwFE/0FMQAGpiWUZn8u9DzkSBWEcK25jmvubfpw2dnAMdbw==",
"dev": true,
"dependencies": {
- "@babel/traverse": "^7.25.9",
- "@babel/types": "^7.25.9"
+ "@babel/traverse": "^7.28.6",
+ "@babel/types": "^7.28.6"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-module-transforms": {
- "version": "7.26.0",
- "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.26.0.tgz",
- "integrity": "sha512-xO+xu6B5K2czEnQye6BHA7DolFFmS3LB7stHZFaOLb1pAwO1HWLS8fXA+eh0A2yIvltPVmx3eNNDBJA2SLHXFw==",
+ "version": "7.28.6",
+ "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.28.6.tgz",
+ "integrity": "sha512-67oXFAYr2cDLDVGLXTEABjdBJZ6drElUSI7WKp70NrpyISso3plG9SAGEF6y7zbha/wOzUByWWTJvEDVNIUGcA==",
"dev": true,
"dependencies": {
- "@babel/helper-module-imports": "^7.25.9",
- "@babel/helper-validator-identifier": "^7.25.9",
- "@babel/traverse": "^7.25.9"
+ "@babel/helper-module-imports": "^7.28.6",
+ "@babel/helper-validator-identifier": "^7.28.5",
+ "@babel/traverse": "^7.28.6"
},
"engines": {
"node": ">=6.9.0"
@@ -359,9 +352,9 @@
}
},
"node_modules/@babel/helper-plugin-utils": {
- "version": "7.26.5",
- "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.26.5.tgz",
- "integrity": "sha512-RS+jZcRdZdRFzMyr+wcsaqOmld1/EqTghfaBGQQd/WnRdzdlvSZ//kF7U8VQTxf1ynZ4cjUcYgjVGx13ewNPMg==",
+ "version": "7.28.6",
+ "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.28.6.tgz",
+ "integrity": "sha512-S9gzZ/bz83GRysI7gAD4wPT/AI3uCnY+9xn+Mx/KPs2JwHJIz1W8PZkg2cqyt3RNOBM8ejcXhV6y8Og7ly/Dug==",
"dev": true,
"engines": {
"node": ">=6.9.0"
@@ -435,18 +428,18 @@
}
},
"node_modules/@babel/helper-string-parser": {
- "version": "7.25.9",
- "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.25.9.tgz",
- "integrity": "sha512-4A/SCr/2KLd5jrtOMFzaKjVtAei3+2r/NChoBNoZ3EyP/+GlhoaEGoWOZUmFmoITP7zOJyHIMm+DYRd8o3PvHA==",
+ "version": "7.27.1",
+ "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz",
+ "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==",
"dev": true,
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-validator-identifier": {
- "version": "7.25.9",
- "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.25.9.tgz",
- "integrity": "sha512-Ed61U6XJc3CVRfkERJWDz4dJwKe7iLmmJsbOGu9wSloNSFttHV0I8g6UAgb7qnK5ly5bGLPd4oXZlxCdANBOWQ==",
+ "version": "7.28.5",
+ "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz",
+ "integrity": "sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==",
"dev": true,
"engines": {
"node": ">=6.9.0"
@@ -490,12 +483,12 @@
}
},
"node_modules/@babel/parser": {
- "version": "7.26.10",
- "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.26.10.tgz",
- "integrity": "sha512-6aQR2zGE/QFi8JpDLjUZEPYOs7+mhKXm86VaKFiLP35JQwQb6bwUE+XbvkH0EptsYhbNBSUGaUBLKqxH1xSgsA==",
+ "version": "7.29.3",
+ "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.3.tgz",
+ "integrity": "sha512-b3ctpQwp+PROvU/cttc4OYl4MzfJUWy6FZg+PMXfzmt/+39iHVF0sDfqay8TQM3JA2EUOyKcFZt75jWriQijsA==",
"dev": true,
"dependencies": {
- "@babel/types": "^7.26.10"
+ "@babel/types": "^7.29.0"
},
"bin": {
"parser": "bin/babel-parser.js"
@@ -1384,16 +1377,15 @@
}
},
"node_modules/@babel/plugin-transform-modules-systemjs": {
- "version": "7.17.8",
- "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.17.8.tgz",
- "integrity": "sha512-39reIkMTUVagzgA5x88zDYXPCMT6lcaRKs1+S9K6NKBPErbgO/w/kP8GlNQTC87b412ZTlmNgr3k2JrWgHH+Bw==",
+ "version": "7.29.4",
+ "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.29.4.tgz",
+ "integrity": "sha512-N7QmZ0xRZfjHOfZeQLJjwgX2zS9pdGHSVl/cjSGlo4dXMqvurfxXDMKY4RqEKzPozV78VMcd0lxyG13mlbKc4w==",
"dev": true,
"dependencies": {
- "@babel/helper-hoist-variables": "^7.16.7",
- "@babel/helper-module-transforms": "^7.17.7",
- "@babel/helper-plugin-utils": "^7.16.7",
- "@babel/helper-validator-identifier": "^7.16.7",
- "babel-plugin-dynamic-import-node": "^2.3.3"
+ "@babel/helper-module-transforms": "^7.28.6",
+ "@babel/helper-plugin-utils": "^7.28.6",
+ "@babel/helper-validator-identifier": "^7.28.5",
+ "@babel/traverse": "^7.29.0"
},
"engines": {
"node": ">=6.9.0"
@@ -1943,45 +1935,45 @@
"dev": true
},
"node_modules/@babel/template": {
- "version": "7.26.9",
- "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.26.9.tgz",
- "integrity": "sha512-qyRplbeIpNZhmzOysF/wFMuP9sctmh2cFzRAZOn1YapxBsE1i9bJIY586R/WBLfLcmcBlM8ROBiQURnnNy+zfA==",
+ "version": "7.28.6",
+ "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.28.6.tgz",
+ "integrity": "sha512-YA6Ma2KsCdGb+WC6UpBVFJGXL58MDA6oyONbjyF/+5sBgxY/dwkhLogbMT2GXXyU84/IhRw/2D1Os1B/giz+BQ==",
"dev": true,
"dependencies": {
- "@babel/code-frame": "^7.26.2",
- "@babel/parser": "^7.26.9",
- "@babel/types": "^7.26.9"
+ "@babel/code-frame": "^7.28.6",
+ "@babel/parser": "^7.28.6",
+ "@babel/types": "^7.28.6"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/traverse": {
- "version": "7.26.5",
- "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.26.5.tgz",
- "integrity": "sha512-rkOSPOw+AXbgtwUga3U4u8RpoK9FEFWBNAlTpcnkLFjL5CT+oyHNuUUC/xx6XefEJ16r38r8Bc/lfp6rYuHeJQ==",
+ "version": "7.29.0",
+ "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.29.0.tgz",
+ "integrity": "sha512-4HPiQr0X7+waHfyXPZpWPfWL/J7dcN1mx9gL6WdQVMbPnF3+ZhSMs8tCxN7oHddJE9fhNE7+lxdnlyemKfJRuA==",
"dev": true,
"dependencies": {
- "@babel/code-frame": "^7.26.2",
- "@babel/generator": "^7.26.5",
- "@babel/parser": "^7.26.5",
- "@babel/template": "^7.25.9",
- "@babel/types": "^7.26.5",
- "debug": "^4.3.1",
- "globals": "^11.1.0"
+ "@babel/code-frame": "^7.29.0",
+ "@babel/generator": "^7.29.0",
+ "@babel/helper-globals": "^7.28.0",
+ "@babel/parser": "^7.29.0",
+ "@babel/template": "^7.28.6",
+ "@babel/types": "^7.29.0",
+ "debug": "^4.3.1"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/types": {
- "version": "7.26.10",
- "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.26.10.tgz",
- "integrity": "sha512-emqcG3vHrpxUKTrxcblR36dcrcoRDvKmnL/dCL6ZsHaShW80qxCAcNhzQZrpeM765VzEos+xOi4s+r4IXzTwdQ==",
+ "version": "7.29.0",
+ "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.0.tgz",
+ "integrity": "sha512-LwdZHpScM4Qz8Xw2iKSzS+cfglZzJGvofQICy7W7v4caru4EaAmyUuO6BGrbyQ2mYV11W0U8j5mBhd14dd3B0A==",
"dev": true,
"dependencies": {
- "@babel/helper-string-parser": "^7.25.9",
- "@babel/helper-validator-identifier": "^7.25.9"
+ "@babel/helper-string-parser": "^7.27.1",
+ "@babel/helper-validator-identifier": "^7.28.5"
},
"engines": {
"node": ">=6.9.0"
@@ -3951,9 +3943,9 @@
"dev": true
},
"node_modules/@jridgewell/trace-mapping": {
- "version": "0.3.25",
- "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz",
- "integrity": "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==",
+ "version": "0.3.31",
+ "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz",
+ "integrity": "sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==",
"dev": true,
"dependencies": {
"@jridgewell/resolve-uri": "^3.1.0",
@@ -14293,9 +14285,9 @@
"dev": true
},
"node_modules/fast-uri": {
- "version": "3.0.5",
- "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.0.5.tgz",
- "integrity": "sha512-5JnBCWpFlMo0a3ciDy/JckMzzv1U9coZrIhedq+HXxxUfDTAiS0LA8OKVao4G9BxmCVck/jtA5r3KAtRWEyD8Q==",
+ "version": "3.1.2",
+ "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.2.tgz",
+ "integrity": "sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==",
"dev": true,
"funding": [
{
@@ -20262,12 +20254,12 @@
}
},
"node_modules/js-cookie": {
- "version": "3.0.5",
- "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz",
- "integrity": "sha512-cEiJEAEoIbWfCZYKWhVwFuvPX1gETRYPw6LlaTKoxD3s2AkXzkCjnp6h0V77ozyqj0jakteJ4YqDJT830+lVGw==",
+ "version": "3.0.7",
+ "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.7.tgz",
+ "integrity": "sha512-z/wZZgDrkNV1eA0ULjM/F9/50Ya8fbzgKneSpoPsXSGd0KnpdtHfOZWK+GcwLk+EZbS4F9RBhU+K2RgzuDaItw==",
"dev": true,
"engines": {
- "node": ">=14"
+ "node": ">=20"
}
},
"node_modules/js-string-escape": {
@@ -23813,9 +23805,9 @@
]
},
"node_modules/qs": {
- "version": "6.14.0",
- "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz",
- "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==",
+ "version": "6.14.2",
+ "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
+ "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
"dev": true,
"dependencies": {
"side-channel": "^1.1.0"
@@ -30024,9 +30016,9 @@
}
},
"node_modules/ws": {
- "version": "8.18.0",
- "resolved": "https://registry.npmjs.org/ws/-/ws-8.18.0.tgz",
- "integrity": "sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw==",
+ "version": "8.20.1",
+ "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz",
+ "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==",
"dev": true,
"engines": {
"node": ">=10.0.0"
@@ -30189,14 +30181,14 @@
}
},
"@babel/code-frame": {
- "version": "7.26.2",
- "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.26.2.tgz",
- "integrity": "sha512-RJlIHRueQgwWitWgF8OdFYGZX328Ax5BCemNGlqHfplnRT9ESi8JkFlvaVYbS+UubVY6dpv87Fs2u5M29iNFVQ==",
+ "version": "7.29.0",
+ "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz",
+ "integrity": "sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw==",
"dev": true,
"requires": {
- "@babel/helper-validator-identifier": "^7.25.9",
+ "@babel/helper-validator-identifier": "^7.28.5",
"js-tokens": "^4.0.0",
- "picocolors": "^1.0.0"
+ "picocolors": "^1.1.1"
}
},
"@babel/compat-data": {
@@ -30237,26 +30229,25 @@
}
},
"@babel/generator": {
- "version": "7.26.5",
- "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.26.5.tgz",
- "integrity": "sha512-2caSP6fN9I7HOe6nqhtft7V4g7/V/gfDsC3Ag4W7kEzzvRGKqiv0pu0HogPiZ3KaVSoNDhUws6IJjDjpfmYIXw==",
+ "version": "7.29.1",
+ "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.29.1.tgz",
+ "integrity": "sha512-qsaF+9Qcm2Qv8SRIMMscAvG4O3lJ0F1GuMo5HR/Bp02LopNgnZBC/EkbevHFeGs4ls/oPz9v+Bsmzbkbe+0dUw==",
"dev": true,
"requires": {
- "@babel/parser": "^7.26.5",
- "@babel/types": "^7.26.5",
- "@jridgewell/gen-mapping": "^0.3.5",
- "@jridgewell/trace-mapping": "^0.3.25",
+ "@babel/parser": "^7.29.0",
+ "@babel/types": "^7.29.0",
+ "@jridgewell/gen-mapping": "^0.3.12",
+ "@jridgewell/trace-mapping": "^0.3.28",
"jsesc": "^3.0.2"
},
"dependencies": {
"@jridgewell/gen-mapping": {
- "version": "0.3.8",
- "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.8.tgz",
- "integrity": "sha512-imAbBGkb+ebQyxKgzv5Hu2nmROxoDOXHh80evxdoXNOrvAnVx7zimzc1Oo5h9RlfV4vPXaE2iM5pOFbvOCClWA==",
+ "version": "0.3.13",
+ "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz",
+ "integrity": "sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==",
"dev": true,
"requires": {
- "@jridgewell/set-array": "^1.2.1",
- "@jridgewell/sourcemap-codec": "^1.4.10",
+ "@jridgewell/sourcemap-codec": "^1.5.0",
"@jridgewell/trace-mapping": "^0.3.24"
}
}
@@ -30379,14 +30370,11 @@
"@babel/types": "^7.23.0"
}
},
- "@babel/helper-hoist-variables": {
- "version": "7.22.5",
- "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz",
- "integrity": "sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw==",
- "dev": true,
- "requires": {
- "@babel/types": "^7.22.5"
- }
+ "@babel/helper-globals": {
+ "version": "7.28.0",
+ "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.28.0.tgz",
+ "integrity": "sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw==",
+ "dev": true
},
"@babel/helper-member-expression-to-functions": {
"version": "7.21.5",
@@ -30398,24 +30386,24 @@
}
},
"@babel/helper-module-imports": {
- "version": "7.25.9",
- "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.25.9.tgz",
- "integrity": "sha512-tnUA4RsrmflIM6W6RFTLFSXITtl0wKjgpnLgXyowocVPrbYrLUXSBXDgTs8BlbmIzIdlBySRQjINYs2BAkiLtw==",
+ "version": "7.28.6",
+ "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.28.6.tgz",
+ "integrity": "sha512-l5XkZK7r7wa9LucGw9LwZyyCUscb4x37JWTPz7swwFE/0FMQAGpiWUZn8u9DzkSBWEcK25jmvubfpw2dnAMdbw==",
"dev": true,
"requires": {
- "@babel/traverse": "^7.25.9",
- "@babel/types": "^7.25.9"
+ "@babel/traverse": "^7.28.6",
+ "@babel/types": "^7.28.6"
}
},
"@babel/helper-module-transforms": {
- "version": "7.26.0",
- "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.26.0.tgz",
- "integrity": "sha512-xO+xu6B5K2czEnQye6BHA7DolFFmS3LB7stHZFaOLb1pAwO1HWLS8fXA+eh0A2yIvltPVmx3eNNDBJA2SLHXFw==",
+ "version": "7.28.6",
+ "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.28.6.tgz",
+ "integrity": "sha512-67oXFAYr2cDLDVGLXTEABjdBJZ6drElUSI7WKp70NrpyISso3plG9SAGEF6y7zbha/wOzUByWWTJvEDVNIUGcA==",
"dev": true,
"requires": {
- "@babel/helper-module-imports": "^7.25.9",
- "@babel/helper-validator-identifier": "^7.25.9",
- "@babel/traverse": "^7.25.9"
+ "@babel/helper-module-imports": "^7.28.6",
+ "@babel/helper-validator-identifier": "^7.28.5",
+ "@babel/traverse": "^7.28.6"
}
},
"@babel/helper-optimise-call-expression": {
@@ -30428,9 +30416,9 @@
}
},
"@babel/helper-plugin-utils": {
- "version": "7.26.5",
- "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.26.5.tgz",
- "integrity": "sha512-RS+jZcRdZdRFzMyr+wcsaqOmld1/EqTghfaBGQQd/WnRdzdlvSZ//kF7U8VQTxf1ynZ4cjUcYgjVGx13ewNPMg==",
+ "version": "7.28.6",
+ "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.28.6.tgz",
+ "integrity": "sha512-S9gzZ/bz83GRysI7gAD4wPT/AI3uCnY+9xn+Mx/KPs2JwHJIz1W8PZkg2cqyt3RNOBM8ejcXhV6y8Og7ly/Dug==",
"dev": true
},
"@babel/helper-remap-async-to-generator": {
@@ -30486,15 +30474,15 @@
}
},
"@babel/helper-string-parser": {
- "version": "7.25.9",
- "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.25.9.tgz",
- "integrity": "sha512-4A/SCr/2KLd5jrtOMFzaKjVtAei3+2r/NChoBNoZ3EyP/+GlhoaEGoWOZUmFmoITP7zOJyHIMm+DYRd8o3PvHA==",
+ "version": "7.27.1",
+ "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz",
+ "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==",
"dev": true
},
"@babel/helper-validator-identifier": {
- "version": "7.25.9",
- "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.25.9.tgz",
- "integrity": "sha512-Ed61U6XJc3CVRfkERJWDz4dJwKe7iLmmJsbOGu9wSloNSFttHV0I8g6UAgb7qnK5ly5bGLPd4oXZlxCdANBOWQ==",
+ "version": "7.28.5",
+ "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz",
+ "integrity": "sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==",
"dev": true
},
"@babel/helper-validator-option": {
@@ -30526,12 +30514,12 @@
}
},
"@babel/parser": {
- "version": "7.26.10",
- "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.26.10.tgz",
- "integrity": "sha512-6aQR2zGE/QFi8JpDLjUZEPYOs7+mhKXm86VaKFiLP35JQwQb6bwUE+XbvkH0EptsYhbNBSUGaUBLKqxH1xSgsA==",
+ "version": "7.29.3",
+ "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.3.tgz",
+ "integrity": "sha512-b3ctpQwp+PROvU/cttc4OYl4MzfJUWy6FZg+PMXfzmt/+39iHVF0sDfqay8TQM3JA2EUOyKcFZt75jWriQijsA==",
"dev": true,
"requires": {
- "@babel/types": "^7.26.10"
+ "@babel/types": "^7.29.0"
}
},
"@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": {
@@ -31105,16 +31093,15 @@
}
},
"@babel/plugin-transform-modules-systemjs": {
- "version": "7.17.8",
- "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.17.8.tgz",
- "integrity": "sha512-39reIkMTUVagzgA5x88zDYXPCMT6lcaRKs1+S9K6NKBPErbgO/w/kP8GlNQTC87b412ZTlmNgr3k2JrWgHH+Bw==",
+ "version": "7.29.4",
+ "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.29.4.tgz",
+ "integrity": "sha512-N7QmZ0xRZfjHOfZeQLJjwgX2zS9pdGHSVl/cjSGlo4dXMqvurfxXDMKY4RqEKzPozV78VMcd0lxyG13mlbKc4w==",
"dev": true,
"requires": {
- "@babel/helper-hoist-variables": "^7.16.7",
- "@babel/helper-module-transforms": "^7.17.7",
- "@babel/helper-plugin-utils": "^7.16.7",
- "@babel/helper-validator-identifier": "^7.16.7",
- "babel-plugin-dynamic-import-node": "^2.3.3"
+ "@babel/helper-module-transforms": "^7.28.6",
+ "@babel/helper-plugin-utils": "^7.28.6",
+ "@babel/helper-validator-identifier": "^7.28.5",
+ "@babel/traverse": "^7.29.0"
}
},
"@babel/plugin-transform-modules-umd": {
@@ -31497,39 +31484,39 @@
}
},
"@babel/template": {
- "version": "7.26.9",
- "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.26.9.tgz",
- "integrity": "sha512-qyRplbeIpNZhmzOysF/wFMuP9sctmh2cFzRAZOn1YapxBsE1i9bJIY586R/WBLfLcmcBlM8ROBiQURnnNy+zfA==",
+ "version": "7.28.6",
+ "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.28.6.tgz",
+ "integrity": "sha512-YA6Ma2KsCdGb+WC6UpBVFJGXL58MDA6oyONbjyF/+5sBgxY/dwkhLogbMT2GXXyU84/IhRw/2D1Os1B/giz+BQ==",
"dev": true,
"requires": {
- "@babel/code-frame": "^7.26.2",
- "@babel/parser": "^7.26.9",
- "@babel/types": "^7.26.9"
+ "@babel/code-frame": "^7.28.6",
+ "@babel/parser": "^7.28.6",
+ "@babel/types": "^7.28.6"
}
},
"@babel/traverse": {
- "version": "7.26.5",
- "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.26.5.tgz",
- "integrity": "sha512-rkOSPOw+AXbgtwUga3U4u8RpoK9FEFWBNAlTpcnkLFjL5CT+oyHNuUUC/xx6XefEJ16r38r8Bc/lfp6rYuHeJQ==",
+ "version": "7.29.0",
+ "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.29.0.tgz",
+ "integrity": "sha512-4HPiQr0X7+waHfyXPZpWPfWL/J7dcN1mx9gL6WdQVMbPnF3+ZhSMs8tCxN7oHddJE9fhNE7+lxdnlyemKfJRuA==",
"dev": true,
"requires": {
- "@babel/code-frame": "^7.26.2",
- "@babel/generator": "^7.26.5",
- "@babel/parser": "^7.26.5",
- "@babel/template": "^7.25.9",
- "@babel/types": "^7.26.5",
- "debug": "^4.3.1",
- "globals": "^11.1.0"
+ "@babel/code-frame": "^7.29.0",
+ "@babel/generator": "^7.29.0",
+ "@babel/helper-globals": "^7.28.0",
+ "@babel/parser": "^7.29.0",
+ "@babel/template": "^7.28.6",
+ "@babel/types": "^7.29.0",
+ "debug": "^4.3.1"
}
},
"@babel/types": {
- "version": "7.26.10",
- "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.26.10.tgz",
- "integrity": "sha512-emqcG3vHrpxUKTrxcblR36dcrcoRDvKmnL/dCL6ZsHaShW80qxCAcNhzQZrpeM765VzEos+xOi4s+r4IXzTwdQ==",
+ "version": "7.29.0",
+ "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.0.tgz",
+ "integrity": "sha512-LwdZHpScM4Qz8Xw2iKSzS+cfglZzJGvofQICy7W7v4caru4EaAmyUuO6BGrbyQ2mYV11W0U8j5mBhd14dd3B0A==",
"dev": true,
"requires": {
- "@babel/helper-string-parser": "^7.25.9",
- "@babel/helper-validator-identifier": "^7.25.9"
+ "@babel/helper-string-parser": "^7.27.1",
+ "@babel/helper-validator-identifier": "^7.28.5"
}
},
"@bcoe/v8-coverage": {
@@ -33013,9 +33000,9 @@
"dev": true
},
"@jridgewell/trace-mapping": {
- "version": "0.3.25",
- "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz",
- "integrity": "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==",
+ "version": "0.3.31",
+ "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz",
+ "integrity": "sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==",
"dev": true,
"requires": {
"@jridgewell/resolve-uri": "^3.1.0",
@@ -40766,9 +40753,9 @@
"dev": true
},
"fast-uri": {
- "version": "3.0.5",
- "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.0.5.tgz",
- "integrity": "sha512-5JnBCWpFlMo0a3ciDy/JckMzzv1U9coZrIhedq+HXxxUfDTAiS0LA8OKVao4G9BxmCVck/jtA5r3KAtRWEyD8Q==",
+ "version": "3.1.2",
+ "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.2.tgz",
+ "integrity": "sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==",
"dev": true
},
"fastest-levenshtein": {
@@ -45307,9 +45294,9 @@
}
},
"js-cookie": {
- "version": "3.0.5",
- "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz",
- "integrity": "sha512-cEiJEAEoIbWfCZYKWhVwFuvPX1gETRYPw6LlaTKoxD3s2AkXzkCjnp6h0V77ozyqj0jakteJ4YqDJT830+lVGw==",
+ "version": "3.0.7",
+ "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.7.tgz",
+ "integrity": "sha512-z/wZZgDrkNV1eA0ULjM/F9/50Ya8fbzgKneSpoPsXSGd0KnpdtHfOZWK+GcwLk+EZbS4F9RBhU+K2RgzuDaItw==",
"dev": true
},
"js-string-escape": {
@@ -48143,9 +48130,9 @@
"dev": true
},
"qs": {
- "version": "6.14.0",
- "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz",
- "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==",
+ "version": "6.14.2",
+ "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
+ "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
"dev": true,
"requires": {
"side-channel": "^1.1.0"
@@ -52941,9 +52928,9 @@
}
},
"ws": {
- "version": "8.18.0",
- "resolved": "https://registry.npmjs.org/ws/-/ws-8.18.0.tgz",
- "integrity": "sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw==",
+ "version": "8.20.1",
+ "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz",
+ "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==",
"dev": true
},
"x-default-browser": {
--
2.47.3
$ date
--- stdout ---
Fri May 22 06:49:54 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-Wikistories.git /src/repo --depth=1 -b REL1_46
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_46
--- stdout ---
023f262964110ea1510385a44f2f33b56c47912d refs/heads/REL1_46
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/plugin-transform-modules-systemjs": {
"name": "@babel/plugin-transform-modules-systemjs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1117908,
"name": "@babel/plugin-transform-modules-systemjs",
"dependency": "@babel/plugin-transform-modules-systemjs",
"title": "@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input",
"url": "https://github.com/advisories/GHSA-fv7c-fp4j-7gwp",
"severity": "high",
"cwe": [
"CWE-94",
"CWE-843"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"
},
"range": ">=7.12.0 <=7.29.3"
}
],
"effects": [],
"range": "7.12.0 - 7.29.0",
"nodes": [
"node_modules/@babel/plugin-transform-modules-systemjs"
],
"fixAvailable": true
},
"@babel/runtime": {
"name": "@babel/runtime",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1104000,
"name": "@babel/runtime",
"dependency": "@babel/runtime",
"title": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
"url": "https://github.com/advisories/GHSA-968p-4wvh-cqc8",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<7.26.10"
}
],
"effects": [
"@devtools-ds/object-inspector",
"@devtools-ds/object-parser",
"@devtools-ds/themes",
"@devtools-ds/tree"
],
"range": "<7.26.10",
"nodes": [
"node_modules/@devtools-ds/object-inspector/node_modules/@babel/runtime",
"node_modules/@devtools-ds/object-parser/node_modules/@babel/runtime",
"node_modules/@devtools-ds/themes/node_modules/@babel/runtime",
"node_modules/@devtools-ds/tree/node_modules/@babel/runtime"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@devtools-ds/object-inspector": {
"name": "@devtools-ds/object-inspector",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime",
"@devtools-ds/object-parser",
"@devtools-ds/themes",
"@devtools-ds/tree"
],
"effects": [
"@storybook/addon-interactions"
],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/object-inspector"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@devtools-ds/object-parser": {
"name": "@devtools-ds/object-parser",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/object-parser"
],
"fixAvailable": true
},
"@devtools-ds/themes": {
"name": "@devtools-ds/themes",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/themes"
],
"fixAvailable": true
},
"@devtools-ds/tree": {
"name": "@devtools-ds/tree",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime",
"@devtools-ds/themes"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/tree"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-haste-map"
],
"effects": [
"@storybook/addon-docs"
],
"range": "<=26.6.2",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/@jest/transform"
],
"fixAvailable": true
},
"@mdx-js/mdx": {
"name": "@mdx-js/mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-mdx",
"remark-parse"
],
"effects": [
"@storybook/mdx1-csf"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/@mdx-js/mdx"
],
"fixAvailable": true
},
"@storybook/addon-controls": {
"name": "@storybook/addon-controls",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/core-common"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "6.4.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-controls"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-docs": {
"name": "@storybook/addon-docs",
"severity": "high",
"isDirect": false,
"via": [
"@jest/transform",
"@storybook/core-common",
"@storybook/mdx1-csf"
],
"effects": [],
"range": "5.3.0-alpha.0 - 7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2",
"nodes": [
"node_modules/@storybook/addon-docs"
],
"fixAvailable": true
},
"@storybook/addon-essentials": {
"name": "@storybook/addon-essentials",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/core-common"
],
"effects": [],
"range": "6.4.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-essentials"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-interactions": {
"name": "@storybook/addon-interactions",
"severity": "moderate",
"isDirect": true,
"via": [
"@devtools-ds/object-inspector",
"@storybook/core-common"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-interactions"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/builder-webpack4": {
"name": "@storybook/builder-webpack4",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core-common",
"autoprefixer",
"css-loader",
"fork-ts-checker-webpack-plugin",
"postcss",
"postcss-flexbugs-fixes",
"terser-webpack-plugin",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/builder-webpack4"
],
"fixAvailable": false
},
"@storybook/core": {
"name": "@storybook/core",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/core-server"
],
"effects": [],
"range": "6.2.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/core"
],
"fixAvailable": true
},
"@storybook/core-common": {
"name": "@storybook/core-common",
"severity": "moderate",
"isDirect": false,
"via": [
"webpack"
],
"effects": [
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/addon-essentials",
"@storybook/addon-interactions",
"@storybook/telemetry"
],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/core-common"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/core-server": {
"name": "@storybook/core-server",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/builder-webpack4",
"@storybook/core-common",
"@storybook/csf-tools",
"@storybook/manager-webpack4",
"@storybook/telemetry",
"cpy",
"ip",
"webpack"
],
"effects": [
"@storybook/core"
],
"range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3",
"nodes": [
"node_modules/@storybook/core-server"
],
"fixAvailable": true
},
"@storybook/csf-tools": {
"name": "@storybook/csf-tools",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/mdx1-csf"
],
"effects": [],
"range": "6.5.0-alpha.1 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/csf-tools"
],
"fixAvailable": true
},
"@storybook/manager-webpack4": {
"name": "@storybook/manager-webpack4",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core-common",
"css-loader",
"terser-webpack-plugin",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/manager-webpack4"
],
"fixAvailable": false
},
"@storybook/mdx1-csf": {
"name": "@storybook/mdx1-csf",
"severity": "high",
"isDirect": false,
"via": [
"@mdx-js/mdx"
],
"effects": [
"@storybook/addon-docs",
"@storybook/csf-tools"
],
"range": "*",
"nodes": [
"node_modules/@storybook/mdx1-csf"
],
"fixAvailable": true
},
"@storybook/telemetry": {
"name": "@storybook/telemetry",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/core-common"
],
"effects": [
"@storybook/core-server"
],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/telemetry"
],
"fixAvailable": true
},
"@storybook/vue3": {
"name": "@storybook/vue3",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core",
"@storybook/core-common",
"vue-docgen-loader"
],
"effects": [],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/vue3"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"anymatch": {
"name": "anymatch",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar",
"sane"
],
"range": "1.2.0 - 2.0.0",
"nodes": [
"node_modules/sane/node_modules/anymatch",
"node_modules/watchpack-chokidar2/node_modules/anymatch"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": true
},
"braces": {
"name": "braces",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098094,
"name": "braces",
"dependency": "braces",
"title": "Uncontrolled resource consumption in braces",
"url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1050"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.3"
}
],
"effects": [
"chokidar",
"micromatch"
],
"range": "<3.0.3",
"nodes": [
"node_modules/cpy/node_modules/braces",
"node_modules/fork-ts-checker-webpack-plugin/node_modules/braces",
"node_modules/jscodeshift/node_modules/braces",
"node_modules/sane/node_modules/braces",
"node_modules/watchpack-chokidar2/node_modules/braces",
"node_modules/webpack/node_modules/braces"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"browserify-sign": {
"name": "browserify-sign",
"severity": "low",
"isDirect": false,
"via": [
"elliptic"
],
"effects": [
"crypto-browserify"
],
"range": ">=2.4.0",
"nodes": [
"node_modules/browserify-sign"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"cacache": {
"name": "cacache",
"severity": "high",
"isDirect": false,
"via": [
"tar"
],
"effects": [
"terser-webpack-plugin"
],
"range": "14.0.0 - 18.0.4",
"nodes": [
"node_modules/cacache"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"braces",
"readdirp"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.3.0 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"cpy": {
"name": "cpy",
"severity": "moderate",
"isDirect": false,
"via": [
"globby"
],
"effects": [
"@storybook/core-server"
],
"range": "7.0.0 - 8.1.2",
"nodes": [
"node_modules/cpy"
],
"fixAvailable": true
},
"create-ecdh": {
"name": "create-ecdh",
"severity": "low",
"isDirect": false,
"via": [
"elliptic"
],
"effects": [
"crypto-browserify"
],
"range": "*",
"nodes": [
"node_modules/create-ecdh"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"crypto-browserify": {
"name": "crypto-browserify",
"severity": "low",
"isDirect": false,
"via": [
"browserify-sign",
"create-ecdh"
],
"effects": [
"node-libs-browser"
],
"range": ">=3.4.0",
"nodes": [
"node_modules/crypto-browserify"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"css-loader": {
"name": "css-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"effects": [],
"range": "0.15.0 - 4.3.0",
"nodes": [
"node_modules/css-loader"
],
"fixAvailable": true
},
"elliptic": {
"name": "elliptic",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1112030,
"name": "elliptic",
"dependency": "elliptic",
"title": "Elliptic Uses a Cryptographic Primitive with a Risky Implementation",
"url": "https://github.com/advisories/GHSA-848j-6mx2-7j84",
"severity": "low",
"cwe": [
"CWE-1240"
],
"cvss": {
"score": 5.6,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
},
"range": "<=6.6.1"
}
],
"effects": [
"browserify-sign",
"create-ecdh"
],
"range": "*",
"nodes": [
"node_modules/elliptic"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"fast-glob": {
"name": "fast-glob",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"globby"
],
"range": "<=2.2.7",
"nodes": [
"node_modules/cpy/node_modules/fast-glob"
],
"fixAvailable": true
},
"fast-uri": {
"name": "fast-uri",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1117870,
"name": "fast-uri",
"dependency": "fast-uri",
"title": "fast-uri vulnerable to path traversal via percent-encoded dot segments",
"url": "https://github.com/advisories/GHSA-q3j6-qgpj-74h6",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<=3.1.0"
},
{
"source": 1117884,
"name": "fast-uri",
"dependency": "fast-uri",
"title": "fast-uri vulnerable to host confusion via percent-encoded authority delimiters",
"url": "https://github.com/advisories/GHSA-v39h-62p7-jpjc",
"severity": "high",
"cwe": [
"CWE-436"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<=3.1.1"
}
],
"effects": [],
"range": "<=3.1.1",
"nodes": [
"node_modules/fast-uri"
],
"fixAvailable": true
},
"fork-ts-checker-webpack-plugin": {
"name": "fork-ts-checker-webpack-plugin",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [],
"range": "0.4.14 - 4.1.6",
"nodes": [
"node_modules/fork-ts-checker-webpack-plugin"
],
"fixAvailable": true
},
"globby": {
"name": "globby",
"severity": "moderate",
"isDirect": false,
"via": [
"fast-glob"
],
"effects": [
"cpy"
],
"range": "8.0.0 - 9.2.0",
"nodes": [
"node_modules/cpy/node_modules/globby"
],
"fixAvailable": true
},
"icss-utils": {
"name": "icss-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"css-loader",
"postcss-modules-local-by-default",
"postcss-modules-values"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/icss-utils"
],
"fixAvailable": true
},
"ip": {
"name": "ip",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1101851,
"name": "ip",
"dependency": "ip",
"title": "ip SSRF improper categorization in isPublic",
"url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=2.0.1"
}
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/ip"
],
"fixAvailable": true
},
"jest-haste-map": {
"name": "jest-haste-map",
"severity": "moderate",
"isDirect": false,
"via": [
"sane"
],
"effects": [
"@jest/transform"
],
"range": "24.0.0-alpha.0 - 26.6.2",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/jest-haste-map"
],
"fixAvailable": true
},
"js-cookie": {
"name": "js-cookie",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1119459,
"name": "js-cookie",
"dependency": "js-cookie",
"title": "JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection",
"url": "https://github.com/advisories/GHSA-qjx8-664m-686j",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<=3.0.5"
}
],
"effects": [],
"range": "<=3.0.5",
"nodes": [
"node_modules/js-cookie"
],
"fixAvailable": true
},
"jscodeshift": {
"name": "jscodeshift",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"vue-docgen-loader"
],
"range": "0.3.20 - 0.13.1",
"nodes": [
"node_modules/jscodeshift"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"meow": {
"name": "meow",
"severity": "high",
"isDirect": false,
"via": [
"trim-newlines"
],
"effects": [],
"range": "3.4.0 - 5.0.0",
"nodes": [
"node_modules/default-browser-id/node_modules/meow"
],
"fixAvailable": true
},
"micromatch": {
"name": "micromatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098681,
"name": "micromatch",
"dependency": "micromatch",
"title": "Regular Expression Denial of Service (ReDoS) in micromatch",
"url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<4.0.8"
},
"braces"
],
"effects": [
"anymatch",
"fast-glob",
"fork-ts-checker-webpack-plugin",
"jscodeshift",
"readdirp",
"sane",
"webpack"
],
"range": "<=4.0.7",
"nodes": [
"node_modules/cpy/node_modules/micromatch",
"node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch",
"node_modules/jscodeshift/node_modules/micromatch",
"node_modules/sane/node_modules/micromatch",
"node_modules/watchpack-chokidar2/node_modules/micromatch",
"node_modules/webpack/node_modules/micromatch"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"node-libs-browser": {
"name": "node-libs-browser",
"severity": "low",
"isDirect": false,
"via": [
"crypto-browserify"
],
"effects": [
"webpack"
],
"range": "0.4.2 || >=1.0.0",
"nodes": [
"node_modules/node-libs-browser"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109574,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
},
{
"source": 1117015,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"url": "https://github.com/advisories/GHSA-qx2v-qp2m-jg93",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<8.5.10"
}
],
"effects": [
"@storybook/builder-webpack4",
"autoprefixer",
"css-loader",
"icss-utils",
"postcss-flexbugs-fixes",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"range": "<=8.5.9",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/postcss",
"node_modules/autoprefixer/node_modules/postcss",
"node_modules/css-loader/node_modules/postcss",
"node_modules/icss-utils/node_modules/postcss",
"node_modules/postcss-flexbugs-fixes/node_modules/postcss",
"node_modules/postcss-modules-extract-imports/node_modules/postcss",
"node_modules/postcss-modules-local-by-default/node_modules/postcss",
"node_modules/postcss-modules-scope/node_modules/postcss",
"node_modules/postcss-modules-values/node_modules/postcss"
],
"fixAvailable": false
},
"postcss-flexbugs-fixes": {
"name": "postcss-flexbugs-fixes",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.2.1",
"nodes": [
"node_modules/postcss-flexbugs-fixes"
],
"fixAvailable": true
},
"postcss-modules-extract-imports": {
"name": "postcss-modules-extract-imports",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-modules-extract-imports"
],
"fixAvailable": true
},
"postcss-modules-local-by-default": {
"name": "postcss-modules-local-by-default",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [],
"range": "<=4.0.0-rc.4",
"nodes": [
"node_modules/postcss-modules-local-by-default"
],
"fixAvailable": true
},
"postcss-modules-scope": {
"name": "postcss-modules-scope",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.2.0",
"nodes": [
"node_modules/postcss-modules-scope"
],
"fixAvailable": true
},
"postcss-modules-values": {
"name": "postcss-modules-values",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [
"css-loader"
],
"range": "<=4.0.0-rc.5",
"nodes": [
"node_modules/postcss-modules-values"
],
"fixAvailable": true
},
"qs": {
"name": "qs",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113161,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in comma parsing allows denial of service",
"url": "https://github.com/advisories/GHSA-w7fw-mjwx-w883",
"severity": "low",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=6.7.0 <=6.14.1"
},
{
"source": 1113719,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
"url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
"severity": "moderate",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<6.14.1"
}
],
"effects": [],
"range": "<=6.14.1",
"nodes": [
"node_modules/qs"
],
"fixAvailable": true
},
"readdirp": {
"name": "readdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "2.2.0 - 2.2.1",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/readdirp"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"remark-mdx": {
"name": "remark-mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-parse"
],
"effects": [
"@mdx-js/mdx"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/remark-mdx"
],
"fixAvailable": true
},
"remark-parse": {
"name": "remark-parse",
"severity": "high",
"isDirect": false,
"via": [
"trim"
],
"effects": [
"@mdx-js/mdx",
"remark-mdx"
],
"range": "<=8.0.3",
"nodes": [
"node_modules/remark-parse"
],
"fixAvailable": true
},
"sane": {
"name": "sane",
"severity": "moderate",
"isDirect": false,
"via": [
"anymatch",
"micromatch"
],
"effects": [
"jest-haste-map"
],
"range": "1.5.0 - 4.1.0",
"nodes": [
"node_modules/sane"
],
"fixAvailable": true
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
},
{
"source": 1119440,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
"url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-834"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <7.0.5"
}
],
"effects": [
"terser-webpack-plugin"
],
"range": "<=7.0.4",
"nodes": [
"node_modules/serialize-javascript",
"node_modules/webpack/node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"tar": {
"name": "tar",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1112659,
"name": "tar",
"dependency": "tar",
"title": "node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal",
"url": "https://github.com/advisories/GHSA-34x7-hfp2-rc4v",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-59"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
},
"range": "<7.5.7"
},
{
"source": 1113300,
"name": "tar",
"dependency": "tar",
"title": "node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization",
"url": "https://github.com/advisories/GHSA-8qq5-rm4j-mr97",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=7.5.2"
},
{
"source": 1113375,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction",
"url": "https://github.com/advisories/GHSA-83g3-92jg-28cx",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
},
"range": "<7.5.8"
},
{
"source": 1114200,
"name": "tar",
"dependency": "tar",
"title": "tar has Hardlink Path Traversal via Drive-Relative Linkpath",
"url": "https://github.com/advisories/GHSA-qffp-2rhf-9h96",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-59"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=7.5.9"
},
{
"source": 1114302,
"name": "tar",
"dependency": "tar",
"title": "node-tar Symlink Path Traversal via Drive-Relative Linkpath",
"url": "https://github.com/advisories/GHSA-9ppj-qmqm-q256",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=7.5.10"
},
{
"source": 1114680,
"name": "tar",
"dependency": "tar",
"title": "Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS",
"url": "https://github.com/advisories/GHSA-r6q2-hw4h-h46w",
"severity": "high",
"cwe": [
"CWE-176",
"CWE-367"
],
"cvss": {
"score": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L"
},
"range": "<=7.5.3"
}
],
"effects": [
"cacache"
],
"range": "<=7.5.10",
"nodes": [
"node_modules/tar"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"terser-webpack-plugin": {
"name": "terser-webpack-plugin",
"severity": "high",
"isDirect": false,
"via": [
"cacache",
"serialize-javascript",
"serialize-javascript"
],
"effects": [
"@storybook/builder-webpack4",
"webpack"
],
"range": "<=5.3.16",
"nodes": [
"node_modules/terser-webpack-plugin",
"node_modules/webpack/node_modules/terser-webpack-plugin"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"trim": {
"name": "trim",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089867,
"name": "trim",
"dependency": "trim",
"title": "Regular Expression Denial of Service in trim",
"url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.0.3"
}
],
"effects": [
"remark-parse"
],
"range": "<0.0.3",
"nodes": [
"node_modules/trim"
],
"fixAvailable": true
},
"trim-newlines": {
"name": "trim-newlines",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095100,
"name": "trim-newlines",
"dependency": "trim-newlines",
"title": "Uncontrolled Resource Consumption in trim-newlines",
"url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.1"
}
],
"effects": [
"meow"
],
"range": "<3.0.1",
"nodes": [
"node_modules/trim-newlines"
],
"fixAvailable": true
},
"uuid": {
"name": "uuid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1119441,
"name": "uuid",
"dependency": "uuid",
"title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"url": "https://github.com/advisories/GHSA-w5hq-g745-h8pq",
"severity": "moderate",
"cwe": [
"CWE-787",
"CWE-1285"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<11.1.1"
}
],
"effects": [
"webpack-log"
],
"range": "<11.1.1",
"nodes": [
"node_modules/uuid"
],
"fixAvailable": false
},
"vue-docgen-loader": {
"name": "vue-docgen-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"jscodeshift"
],
"effects": [
"@storybook/vue3"
],
"range": "1.3.0-beta.0 - 2.0.0",
"nodes": [
"node_modules/vue-docgen-loader"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"isDirect": false,
"via": [
"watchpack-chokidar2"
],
"effects": [
"webpack"
],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/webpack/node_modules/watchpack"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"isDirect": false,
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"webpack": {
"name": "webpack",
"severity": "high",
"isDirect": false,
"via": [
"micromatch",
"node-libs-browser",
"terser-webpack-plugin",
"watchpack"
],
"effects": [
"@storybook/core-common"
],
"range": "2.0.0-beta - 5.1.0",
"nodes": [
"node_modules/webpack"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"webpack-dev-middleware": {
"name": "webpack-dev-middleware",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096729,
"name": "webpack-dev-middleware",
"dependency": "webpack-dev-middleware",
"title": "Path traversal in webpack-dev-middleware",
"url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
},
"range": "<=5.3.3"
},
"webpack-log"
],
"effects": [
"@storybook/manager-webpack4"
],
"range": "<=5.3.3",
"nodes": [
"node_modules/webpack-dev-middleware"
],
"fixAvailable": false
},
"webpack-log": {
"name": "webpack-log",
"severity": "moderate",
"isDirect": false,
"via": [
"uuid"
],
"effects": [
"webpack-dev-middleware"
],
"range": "1.1.0 - 2.0.0",
"nodes": [
"node_modules/webpack-log"
],
"fixAvailable": false
},
"ws": {
"name": "ws",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1119108,
"name": "ws",
"dependency": "ws",
"title": "ws: Uninitialized memory disclosure",
"url": "https://github.com/advisories/GHSA-58qx-3vcg-4xpx",
"severity": "moderate",
"cwe": [
"CWE-908"
],
"cvss": {
"score": 4.4,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"
},
"range": ">=8.0.0 <8.20.1"
}
],
"effects": [],
"range": "8.0.0 - 8.20.0",
"nodes": [
"node_modules/ws"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 5,
"moderate": 34,
"high": 29,
"critical": 0,
"total": 68
},
"dependencies": {
"prod": 1,
"dev": 2428,
"optional": 66,
"peer": 0,
"peerOptional": 0,
"total": 2428
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 37 installs, 0 updates, 0 removals
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.4)
- Locking composer/spdx-licenses (1.5.10)
- Locking composer/xdebug-handler (3.0.5)
- Locking danog/advanced-json-rpc (v3.2.3)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.1)
- Locking doctrine/deprecations (1.1.6)
- Locking mediawiki/mediawiki-codesniffer (v50.0.0)
- Locking mediawiki/mediawiki-phan-config (0.20.0)
- Locking mediawiki/minus-x (2.0.1)
- Locking mediawiki/phan-taint-check-plugin (9.1.0)
- Locking netresearch/jsonmapper (v5.0.1)
- Locking phan/phan (6.0.2)
- Locking phan/tolerant-php-parser (v0.2.0)
- Locking phan/var_representation_polyfill (0.1.4)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.4.0)
- Locking phpcsstandards/phpcsutils (1.2.2)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (6.0.3)
- Locking phpdocumentor/type-resolver (2.0.0)
- Locking phpstan/phpdoc-parser (2.3.2)
- Locking psr/container (2.0.2)
- Locking psr/log (3.0.2)
- Locking sabre/event (6.1.0)
- Locking squizlabs/php_codesniffer (3.13.5)
- Locking symfony/console (v8.0.11)
- Locking symfony/deprecation-contracts (v3.7.0)
- Locking symfony/polyfill-ctype (v1.37.0)
- Locking symfony/polyfill-intl-grapheme (v1.37.0)
- Locking symfony/polyfill-intl-normalizer (v1.37.0)
- Locking symfony/polyfill-mbstring (v1.37.0)
- Locking symfony/service-contracts (v3.7.0)
- Locking symfony/string (v8.0.11)
- Locking webmozart/assert (2.4.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 37 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing squizlabs/php_codesniffer (3.13.5): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.1): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing phpcsstandards/phpcsutils (1.2.2): Extracting archive
- Installing phpcsstandards/phpcsextra (1.4.0): Extracting archive
- Installing symfony/polyfill-mbstring (v1.37.0): Extracting archive
- Installing composer/spdx-licenses (1.5.10): Extracting archive
- Installing composer/semver (3.4.4): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v50.0.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.37.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.37.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.37.0): Extracting archive
- Installing symfony/string (v8.0.11): Extracting archive
- Installing symfony/deprecation-contracts (v3.7.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.7.0): Extracting archive
- Installing symfony/console (v8.0.11): Extracting archive
- Installing sabre/event (6.1.0): Extracting archive
- Installing phan/var_representation_polyfill (0.1.4): Extracting archive
- Installing phan/tolerant-php-parser (v0.2.0): Extracting archive
- Installing netresearch/jsonmapper (v5.0.1): Extracting archive
- Installing webmozart/assert (2.4.0): Extracting archive
- Installing phpstan/phpdoc-parser (2.3.2): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.6): Extracting archive
- Installing phpdocumentor/type-resolver (2.0.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (6.0.3): Extracting archive
- Installing danog/advanced-json-rpc (v3.2.3): Extracting archive
- Installing psr/log (3.0.2): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (6.0.2): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (9.1.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.20.0): Extracting archive
- Installing mediawiki/minus-x (2.0.1): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
0/35 [>---------------------------] 0%
28/35 [======================>-----] 80%
34/35 [===========================>] 97%
35/35 [============================] 100%
1 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
16 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/plugin-transform-modules-systemjs": {
"name": "@babel/plugin-transform-modules-systemjs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1117908,
"name": "@babel/plugin-transform-modules-systemjs",
"dependency": "@babel/plugin-transform-modules-systemjs",
"title": "@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input",
"url": "https://github.com/advisories/GHSA-fv7c-fp4j-7gwp",
"severity": "high",
"cwe": [
"CWE-94",
"CWE-843"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"
},
"range": ">=7.12.0 <=7.29.3"
}
],
"effects": [],
"range": "7.12.0 - 7.29.0",
"nodes": [
"node_modules/@babel/plugin-transform-modules-systemjs"
],
"fixAvailable": true
},
"@babel/runtime": {
"name": "@babel/runtime",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1104000,
"name": "@babel/runtime",
"dependency": "@babel/runtime",
"title": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
"url": "https://github.com/advisories/GHSA-968p-4wvh-cqc8",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<7.26.10"
}
],
"effects": [
"@devtools-ds/object-inspector",
"@devtools-ds/object-parser",
"@devtools-ds/themes",
"@devtools-ds/tree"
],
"range": "<7.26.10",
"nodes": [
"node_modules/@devtools-ds/object-inspector/node_modules/@babel/runtime",
"node_modules/@devtools-ds/object-parser/node_modules/@babel/runtime",
"node_modules/@devtools-ds/themes/node_modules/@babel/runtime",
"node_modules/@devtools-ds/tree/node_modules/@babel/runtime"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@devtools-ds/object-inspector": {
"name": "@devtools-ds/object-inspector",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime",
"@devtools-ds/object-parser",
"@devtools-ds/themes",
"@devtools-ds/tree"
],
"effects": [
"@storybook/addon-interactions"
],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/object-inspector"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@devtools-ds/object-parser": {
"name": "@devtools-ds/object-parser",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/object-parser"
],
"fixAvailable": true
},
"@devtools-ds/themes": {
"name": "@devtools-ds/themes",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/themes"
],
"fixAvailable": true
},
"@devtools-ds/tree": {
"name": "@devtools-ds/tree",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime",
"@devtools-ds/themes"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/tree"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-haste-map"
],
"effects": [
"@storybook/addon-docs"
],
"range": "<=26.6.2",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/@jest/transform"
],
"fixAvailable": true
},
"@mdx-js/mdx": {
"name": "@mdx-js/mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-mdx",
"remark-parse"
],
"effects": [
"@storybook/mdx1-csf"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/@mdx-js/mdx"
],
"fixAvailable": true
},
"@storybook/addon-controls": {
"name": "@storybook/addon-controls",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/core-common"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "6.4.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-controls"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-docs": {
"name": "@storybook/addon-docs",
"severity": "high",
"isDirect": false,
"via": [
"@jest/transform",
"@storybook/core-common",
"@storybook/mdx1-csf"
],
"effects": [],
"range": "5.3.0-alpha.0 - 7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2",
"nodes": [
"node_modules/@storybook/addon-docs"
],
"fixAvailable": true
},
"@storybook/addon-essentials": {
"name": "@storybook/addon-essentials",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/core-common"
],
"effects": [],
"range": "6.4.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-essentials"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-interactions": {
"name": "@storybook/addon-interactions",
"severity": "moderate",
"isDirect": true,
"via": [
"@devtools-ds/object-inspector",
"@storybook/core-common"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-interactions"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/builder-webpack4": {
"name": "@storybook/builder-webpack4",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core-common",
"autoprefixer",
"css-loader",
"fork-ts-checker-webpack-plugin",
"postcss",
"postcss-flexbugs-fixes",
"terser-webpack-plugin",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/builder-webpack4"
],
"fixAvailable": false
},
"@storybook/core": {
"name": "@storybook/core",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/core-server"
],
"effects": [],
"range": "6.2.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/core"
],
"fixAvailable": true
},
"@storybook/core-common": {
"name": "@storybook/core-common",
"severity": "moderate",
"isDirect": false,
"via": [
"webpack"
],
"effects": [
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/addon-essentials",
"@storybook/addon-interactions",
"@storybook/telemetry"
],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/core-common"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/core-server": {
"name": "@storybook/core-server",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/builder-webpack4",
"@storybook/core-common",
"@storybook/csf-tools",
"@storybook/manager-webpack4",
"@storybook/telemetry",
"cpy",
"ip",
"webpack"
],
"effects": [
"@storybook/core"
],
"range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3",
"nodes": [
"node_modules/@storybook/core-server"
],
"fixAvailable": true
},
"@storybook/csf-tools": {
"name": "@storybook/csf-tools",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/mdx1-csf"
],
"effects": [],
"range": "6.5.0-alpha.1 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/csf-tools"
],
"fixAvailable": true
},
"@storybook/manager-webpack4": {
"name": "@storybook/manager-webpack4",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core-common",
"css-loader",
"terser-webpack-plugin",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/manager-webpack4"
],
"fixAvailable": false
},
"@storybook/mdx1-csf": {
"name": "@storybook/mdx1-csf",
"severity": "high",
"isDirect": false,
"via": [
"@mdx-js/mdx"
],
"effects": [
"@storybook/addon-docs",
"@storybook/csf-tools"
],
"range": "*",
"nodes": [
"node_modules/@storybook/mdx1-csf"
],
"fixAvailable": true
},
"@storybook/telemetry": {
"name": "@storybook/telemetry",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/core-common"
],
"effects": [
"@storybook/core-server"
],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/telemetry"
],
"fixAvailable": true
},
"@storybook/vue3": {
"name": "@storybook/vue3",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core",
"@storybook/core-common",
"vue-docgen-loader"
],
"effects": [],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/vue3"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"anymatch": {
"name": "anymatch",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar",
"sane"
],
"range": "1.2.0 - 2.0.0",
"nodes": [
"node_modules/sane/node_modules/anymatch",
"node_modules/watchpack-chokidar2/node_modules/anymatch"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": true
},
"braces": {
"name": "braces",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098094,
"name": "braces",
"dependency": "braces",
"title": "Uncontrolled resource consumption in braces",
"url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1050"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.3"
}
],
"effects": [
"chokidar",
"micromatch"
],
"range": "<3.0.3",
"nodes": [
"node_modules/cpy/node_modules/braces",
"node_modules/fork-ts-checker-webpack-plugin/node_modules/braces",
"node_modules/jscodeshift/node_modules/braces",
"node_modules/sane/node_modules/braces",
"node_modules/watchpack-chokidar2/node_modules/braces",
"node_modules/webpack/node_modules/braces"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"browserify-sign": {
"name": "browserify-sign",
"severity": "low",
"isDirect": false,
"via": [
"elliptic"
],
"effects": [
"crypto-browserify"
],
"range": ">=2.4.0",
"nodes": [
"node_modules/browserify-sign"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"cacache": {
"name": "cacache",
"severity": "high",
"isDirect": false,
"via": [
"tar"
],
"effects": [
"terser-webpack-plugin"
],
"range": "14.0.0 - 18.0.4",
"nodes": [
"node_modules/cacache"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"braces",
"readdirp"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.3.0 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"cpy": {
"name": "cpy",
"severity": "moderate",
"isDirect": false,
"via": [
"globby"
],
"effects": [
"@storybook/core-server"
],
"range": "7.0.0 - 8.1.2",
"nodes": [
"node_modules/cpy"
],
"fixAvailable": true
},
"create-ecdh": {
"name": "create-ecdh",
"severity": "low",
"isDirect": false,
"via": [
"elliptic"
],
"effects": [
"crypto-browserify"
],
"range": "*",
"nodes": [
"node_modules/create-ecdh"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"crypto-browserify": {
"name": "crypto-browserify",
"severity": "low",
"isDirect": false,
"via": [
"browserify-sign",
"create-ecdh"
],
"effects": [
"node-libs-browser"
],
"range": ">=3.4.0",
"nodes": [
"node_modules/crypto-browserify"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"css-loader": {
"name": "css-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"effects": [],
"range": "0.15.0 - 4.3.0",
"nodes": [
"node_modules/css-loader"
],
"fixAvailable": true
},
"elliptic": {
"name": "elliptic",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1112030,
"name": "elliptic",
"dependency": "elliptic",
"title": "Elliptic Uses a Cryptographic Primitive with a Risky Implementation",
"url": "https://github.com/advisories/GHSA-848j-6mx2-7j84",
"severity": "low",
"cwe": [
"CWE-1240"
],
"cvss": {
"score": 5.6,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
},
"range": "<=6.6.1"
}
],
"effects": [
"browserify-sign",
"create-ecdh"
],
"range": "*",
"nodes": [
"node_modules/elliptic"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"fast-glob": {
"name": "fast-glob",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"globby"
],
"range": "<=2.2.7",
"nodes": [
"node_modules/cpy/node_modules/fast-glob"
],
"fixAvailable": true
},
"fast-uri": {
"name": "fast-uri",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1117870,
"name": "fast-uri",
"dependency": "fast-uri",
"title": "fast-uri vulnerable to path traversal via percent-encoded dot segments",
"url": "https://github.com/advisories/GHSA-q3j6-qgpj-74h6",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<=3.1.0"
},
{
"source": 1117884,
"name": "fast-uri",
"dependency": "fast-uri",
"title": "fast-uri vulnerable to host confusion via percent-encoded authority delimiters",
"url": "https://github.com/advisories/GHSA-v39h-62p7-jpjc",
"severity": "high",
"cwe": [
"CWE-436"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<=3.1.1"
}
],
"effects": [],
"range": "<=3.1.1",
"nodes": [
"node_modules/fast-uri"
],
"fixAvailable": true
},
"fork-ts-checker-webpack-plugin": {
"name": "fork-ts-checker-webpack-plugin",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [],
"range": "0.4.14 - 4.1.6",
"nodes": [
"node_modules/fork-ts-checker-webpack-plugin"
],
"fixAvailable": true
},
"globby": {
"name": "globby",
"severity": "moderate",
"isDirect": false,
"via": [
"fast-glob"
],
"effects": [
"cpy"
],
"range": "8.0.0 - 9.2.0",
"nodes": [
"node_modules/cpy/node_modules/globby"
],
"fixAvailable": true
},
"icss-utils": {
"name": "icss-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"css-loader",
"postcss-modules-local-by-default",
"postcss-modules-values"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/icss-utils"
],
"fixAvailable": true
},
"ip": {
"name": "ip",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1101851,
"name": "ip",
"dependency": "ip",
"title": "ip SSRF improper categorization in isPublic",
"url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=2.0.1"
}
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/ip"
],
"fixAvailable": true
},
"jest-haste-map": {
"name": "jest-haste-map",
"severity": "moderate",
"isDirect": false,
"via": [
"sane"
],
"effects": [
"@jest/transform"
],
"range": "24.0.0-alpha.0 - 26.6.2",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/jest-haste-map"
],
"fixAvailable": true
},
"js-cookie": {
"name": "js-cookie",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1119459,
"name": "js-cookie",
"dependency": "js-cookie",
"title": "JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection",
"url": "https://github.com/advisories/GHSA-qjx8-664m-686j",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<=3.0.5"
}
],
"effects": [],
"range": "<=3.0.5",
"nodes": [
"node_modules/js-cookie"
],
"fixAvailable": true
},
"jscodeshift": {
"name": "jscodeshift",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"vue-docgen-loader"
],
"range": "0.3.20 - 0.13.1",
"nodes": [
"node_modules/jscodeshift"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"meow": {
"name": "meow",
"severity": "high",
"isDirect": false,
"via": [
"trim-newlines"
],
"effects": [],
"range": "3.4.0 - 5.0.0",
"nodes": [
"node_modules/default-browser-id/node_modules/meow"
],
"fixAvailable": true
},
"micromatch": {
"name": "micromatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098681,
"name": "micromatch",
"dependency": "micromatch",
"title": "Regular Expression Denial of Service (ReDoS) in micromatch",
"url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<4.0.8"
},
"braces"
],
"effects": [
"anymatch",
"fast-glob",
"fork-ts-checker-webpack-plugin",
"jscodeshift",
"readdirp",
"sane",
"webpack"
],
"range": "<=4.0.7",
"nodes": [
"node_modules/cpy/node_modules/micromatch",
"node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch",
"node_modules/jscodeshift/node_modules/micromatch",
"node_modules/sane/node_modules/micromatch",
"node_modules/watchpack-chokidar2/node_modules/micromatch",
"node_modules/webpack/node_modules/micromatch"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"node-libs-browser": {
"name": "node-libs-browser",
"severity": "low",
"isDirect": false,
"via": [
"crypto-browserify"
],
"effects": [
"webpack"
],
"range": "0.4.2 || >=1.0.0",
"nodes": [
"node_modules/node-libs-browser"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109574,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
},
{
"source": 1117015,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"url": "https://github.com/advisories/GHSA-qx2v-qp2m-jg93",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<8.5.10"
}
],
"effects": [
"@storybook/builder-webpack4",
"autoprefixer",
"css-loader",
"icss-utils",
"postcss-flexbugs-fixes",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"range": "<=8.5.9",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/postcss",
"node_modules/autoprefixer/node_modules/postcss",
"node_modules/css-loader/node_modules/postcss",
"node_modules/icss-utils/node_modules/postcss",
"node_modules/postcss-flexbugs-fixes/node_modules/postcss",
"node_modules/postcss-modules-extract-imports/node_modules/postcss",
"node_modules/postcss-modules-local-by-default/node_modules/postcss",
"node_modules/postcss-modules-scope/node_modules/postcss",
"node_modules/postcss-modules-values/node_modules/postcss"
],
"fixAvailable": false
},
"postcss-flexbugs-fixes": {
"name": "postcss-flexbugs-fixes",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.2.1",
"nodes": [
"node_modules/postcss-flexbugs-fixes"
],
"fixAvailable": true
},
"postcss-modules-extract-imports": {
"name": "postcss-modules-extract-imports",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-modules-extract-imports"
],
"fixAvailable": true
},
"postcss-modules-local-by-default": {
"name": "postcss-modules-local-by-default",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [],
"range": "<=4.0.0-rc.4",
"nodes": [
"node_modules/postcss-modules-local-by-default"
],
"fixAvailable": true
},
"postcss-modules-scope": {
"name": "postcss-modules-scope",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.2.0",
"nodes": [
"node_modules/postcss-modules-scope"
],
"fixAvailable": true
},
"postcss-modules-values": {
"name": "postcss-modules-values",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [
"css-loader"
],
"range": "<=4.0.0-rc.5",
"nodes": [
"node_modules/postcss-modules-values"
],
"fixAvailable": true
},
"qs": {
"name": "qs",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113161,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in comma parsing allows denial of service",
"url": "https://github.com/advisories/GHSA-w7fw-mjwx-w883",
"severity": "low",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=6.7.0 <=6.14.1"
},
{
"source": 1113719,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
"url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
"severity": "moderate",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<6.14.1"
}
],
"effects": [],
"range": "<=6.14.1",
"nodes": [
"node_modules/qs"
],
"fixAvailable": true
},
"readdirp": {
"name": "readdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "2.2.0 - 2.2.1",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/readdirp"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"remark-mdx": {
"name": "remark-mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-parse"
],
"effects": [
"@mdx-js/mdx"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/remark-mdx"
],
"fixAvailable": true
},
"remark-parse": {
"name": "remark-parse",
"severity": "high",
"isDirect": false,
"via": [
"trim"
],
"effects": [
"@mdx-js/mdx",
"remark-mdx"
],
"range": "<=8.0.3",
"nodes": [
"node_modules/remark-parse"
],
"fixAvailable": true
},
"sane": {
"name": "sane",
"severity": "moderate",
"isDirect": false,
"via": [
"anymatch",
"micromatch"
],
"effects": [
"jest-haste-map"
],
"range": "1.5.0 - 4.1.0",
"nodes": [
"node_modules/sane"
],
"fixAvailable": true
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
},
{
"source": 1119440,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
"url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-834"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <7.0.5"
}
],
"effects": [
"terser-webpack-plugin"
],
"range": "<=7.0.4",
"nodes": [
"node_modules/serialize-javascript",
"node_modules/webpack/node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"tar": {
"name": "tar",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1112659,
"name": "tar",
"dependency": "tar",
"title": "node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal",
"url": "https://github.com/advisories/GHSA-34x7-hfp2-rc4v",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-59"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
},
"range": "<7.5.7"
},
{
"source": 1113300,
"name": "tar",
"dependency": "tar",
"title": "node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization",
"url": "https://github.com/advisories/GHSA-8qq5-rm4j-mr97",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=7.5.2"
},
{
"source": 1113375,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction",
"url": "https://github.com/advisories/GHSA-83g3-92jg-28cx",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
},
"range": "<7.5.8"
},
{
"source": 1114200,
"name": "tar",
"dependency": "tar",
"title": "tar has Hardlink Path Traversal via Drive-Relative Linkpath",
"url": "https://github.com/advisories/GHSA-qffp-2rhf-9h96",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-59"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=7.5.9"
},
{
"source": 1114302,
"name": "tar",
"dependency": "tar",
"title": "node-tar Symlink Path Traversal via Drive-Relative Linkpath",
"url": "https://github.com/advisories/GHSA-9ppj-qmqm-q256",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=7.5.10"
},
{
"source": 1114680,
"name": "tar",
"dependency": "tar",
"title": "Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS",
"url": "https://github.com/advisories/GHSA-r6q2-hw4h-h46w",
"severity": "high",
"cwe": [
"CWE-176",
"CWE-367"
],
"cvss": {
"score": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L"
},
"range": "<=7.5.3"
}
],
"effects": [
"cacache"
],
"range": "<=7.5.10",
"nodes": [
"node_modules/tar"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"terser-webpack-plugin": {
"name": "terser-webpack-plugin",
"severity": "high",
"isDirect": false,
"via": [
"cacache",
"serialize-javascript",
"serialize-javascript"
],
"effects": [
"@storybook/builder-webpack4",
"webpack"
],
"range": "<=5.3.16",
"nodes": [
"node_modules/terser-webpack-plugin",
"node_modules/webpack/node_modules/terser-webpack-plugin"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"trim": {
"name": "trim",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089867,
"name": "trim",
"dependency": "trim",
"title": "Regular Expression Denial of Service in trim",
"url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.0.3"
}
],
"effects": [
"remark-parse"
],
"range": "<0.0.3",
"nodes": [
"node_modules/trim"
],
"fixAvailable": true
},
"trim-newlines": {
"name": "trim-newlines",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095100,
"name": "trim-newlines",
"dependency": "trim-newlines",
"title": "Uncontrolled Resource Consumption in trim-newlines",
"url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.1"
}
],
"effects": [
"meow"
],
"range": "<3.0.1",
"nodes": [
"node_modules/trim-newlines"
],
"fixAvailable": true
},
"uuid": {
"name": "uuid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1119441,
"name": "uuid",
"dependency": "uuid",
"title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"url": "https://github.com/advisories/GHSA-w5hq-g745-h8pq",
"severity": "moderate",
"cwe": [
"CWE-787",
"CWE-1285"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<11.1.1"
}
],
"effects": [
"webpack-log"
],
"range": "<11.1.1",
"nodes": [
"node_modules/uuid"
],
"fixAvailable": false
},
"vue-docgen-loader": {
"name": "vue-docgen-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"jscodeshift"
],
"effects": [
"@storybook/vue3"
],
"range": "1.3.0-beta.0 - 2.0.0",
"nodes": [
"node_modules/vue-docgen-loader"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"isDirect": false,
"via": [
"watchpack-chokidar2"
],
"effects": [
"webpack"
],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/webpack/node_modules/watchpack"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"isDirect": false,
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"webpack": {
"name": "webpack",
"severity": "high",
"isDirect": false,
"via": [
"micromatch",
"node-libs-browser",
"terser-webpack-plugin",
"watchpack"
],
"effects": [
"@storybook/core-common"
],
"range": "2.0.0-beta - 5.1.0",
"nodes": [
"node_modules/webpack"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"webpack-dev-middleware": {
"name": "webpack-dev-middleware",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096729,
"name": "webpack-dev-middleware",
"dependency": "webpack-dev-middleware",
"title": "Path traversal in webpack-dev-middleware",
"url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
},
"range": "<=5.3.3"
},
"webpack-log"
],
"effects": [
"@storybook/manager-webpack4"
],
"range": "<=5.3.3",
"nodes": [
"node_modules/webpack-dev-middleware"
],
"fixAvailable": false
},
"webpack-log": {
"name": "webpack-log",
"severity": "moderate",
"isDirect": false,
"via": [
"uuid"
],
"effects": [
"webpack-dev-middleware"
],
"range": "1.1.0 - 2.0.0",
"nodes": [
"node_modules/webpack-log"
],
"fixAvailable": false
},
"ws": {
"name": "ws",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1119108,
"name": "ws",
"dependency": "ws",
"title": "ws: Uninitialized memory disclosure",
"url": "https://github.com/advisories/GHSA-58qx-3vcg-4xpx",
"severity": "moderate",
"cwe": [
"CWE-908"
],
"cvss": {
"score": 4.4,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"
},
"range": ">=8.0.0 <8.20.1"
}
],
"effects": [],
"range": "8.0.0 - 8.20.0",
"nodes": [
"node_modules/ws"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 5,
"moderate": 34,
"high": 29,
"critical": 0,
"total": 68
},
"dependencies": {
"prod": 1,
"dev": 2428,
"optional": 66,
"peer": 0,
"peerOptional": 0,
"total": 2428
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
"added": 2428,
"removed": 0,
"changed": 0,
"audited": 2429,
"funding": 339,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/plugin-transform-modules-systemjs": {
"name": "@babel/plugin-transform-modules-systemjs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1117908,
"name": "@babel/plugin-transform-modules-systemjs",
"dependency": "@babel/plugin-transform-modules-systemjs",
"title": "@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input",
"url": "https://github.com/advisories/GHSA-fv7c-fp4j-7gwp",
"severity": "high",
"cwe": [
"CWE-94",
"CWE-843"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"
},
"range": ">=7.12.0 <=7.29.3"
}
],
"effects": [],
"range": "7.12.0 - 7.29.0",
"nodes": [
""
],
"fixAvailable": true
},
"@babel/runtime": {
"name": "@babel/runtime",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1104000,
"name": "@babel/runtime",
"dependency": "@babel/runtime",
"title": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
"url": "https://github.com/advisories/GHSA-968p-4wvh-cqc8",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<7.26.10"
}
],
"effects": [
"@devtools-ds/object-inspector",
"@devtools-ds/object-parser",
"@devtools-ds/themes",
"@devtools-ds/tree"
],
"range": "<7.26.10",
"nodes": [
"node_modules/@devtools-ds/object-inspector/node_modules/@babel/runtime",
"node_modules/@devtools-ds/object-parser/node_modules/@babel/runtime",
"node_modules/@devtools-ds/themes/node_modules/@babel/runtime",
"node_modules/@devtools-ds/tree/node_modules/@babel/runtime"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@devtools-ds/object-inspector": {
"name": "@devtools-ds/object-inspector",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime",
"@devtools-ds/object-parser",
"@devtools-ds/themes",
"@devtools-ds/tree"
],
"effects": [
"@storybook/addon-interactions"
],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/object-inspector"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@devtools-ds/object-parser": {
"name": "@devtools-ds/object-parser",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/object-parser"
],
"fixAvailable": true
},
"@devtools-ds/themes": {
"name": "@devtools-ds/themes",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/themes"
],
"fixAvailable": true
},
"@devtools-ds/tree": {
"name": "@devtools-ds/tree",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime",
"@devtools-ds/themes"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/tree"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-haste-map"
],
"effects": [
"@storybook/addon-docs"
],
"range": "<=26.6.2",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/@jest/transform"
],
"fixAvailable": true
},
"@mdx-js/mdx": {
"name": "@mdx-js/mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-mdx",
"remark-parse"
],
"effects": [
"@storybook/mdx1-csf"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/@mdx-js/mdx"
],
"fixAvailable": true
},
"@storybook/addon-controls": {
"name": "@storybook/addon-controls",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/core-common"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "6.4.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-controls"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-docs": {
"name": "@storybook/addon-docs",
"severity": "high",
"isDirect": false,
"via": [
"@jest/transform",
"@storybook/core-common",
"@storybook/mdx1-csf"
],
"effects": [],
"range": "5.3.0-alpha.0 - 7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2",
"nodes": [
"node_modules/@storybook/addon-docs"
],
"fixAvailable": true
},
"@storybook/addon-essentials": {
"name": "@storybook/addon-essentials",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/core-common"
],
"effects": [],
"range": "6.4.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-essentials"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-interactions": {
"name": "@storybook/addon-interactions",
"severity": "moderate",
"isDirect": true,
"via": [
"@devtools-ds/object-inspector",
"@storybook/core-common"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-interactions"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/builder-webpack4": {
"name": "@storybook/builder-webpack4",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core-common",
"autoprefixer",
"css-loader",
"fork-ts-checker-webpack-plugin",
"postcss",
"postcss-flexbugs-fixes",
"terser-webpack-plugin",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/builder-webpack4"
],
"fixAvailable": false
},
"@storybook/core": {
"name": "@storybook/core",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/core-server"
],
"effects": [],
"range": "6.2.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/core"
],
"fixAvailable": true
},
"@storybook/core-common": {
"name": "@storybook/core-common",
"severity": "moderate",
"isDirect": false,
"via": [
"webpack"
],
"effects": [
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/addon-essentials",
"@storybook/addon-interactions",
"@storybook/telemetry"
],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/core-common"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/core-server": {
"name": "@storybook/core-server",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/builder-webpack4",
"@storybook/core-common",
"@storybook/csf-tools",
"@storybook/manager-webpack4",
"@storybook/telemetry",
"cpy",
"ip",
"webpack"
],
"effects": [
"@storybook/core"
],
"range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3",
"nodes": [
"node_modules/@storybook/core-server"
],
"fixAvailable": true
},
"@storybook/csf-tools": {
"name": "@storybook/csf-tools",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/mdx1-csf"
],
"effects": [],
"range": "6.5.0-alpha.1 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/csf-tools"
],
"fixAvailable": true
},
"@storybook/manager-webpack4": {
"name": "@storybook/manager-webpack4",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core-common",
"css-loader",
"terser-webpack-plugin",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/manager-webpack4"
],
"fixAvailable": false
},
"@storybook/mdx1-csf": {
"name": "@storybook/mdx1-csf",
"severity": "high",
"isDirect": false,
"via": [
"@mdx-js/mdx"
],
"effects": [
"@storybook/addon-docs",
"@storybook/csf-tools"
],
"range": "*",
"nodes": [
"node_modules/@storybook/mdx1-csf"
],
"fixAvailable": true
},
"@storybook/telemetry": {
"name": "@storybook/telemetry",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/core-common"
],
"effects": [
"@storybook/core-server"
],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/telemetry"
],
"fixAvailable": true
},
"@storybook/vue3": {
"name": "@storybook/vue3",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core",
"@storybook/core-common",
"vue-docgen-loader"
],
"effects": [],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/vue3"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"anymatch": {
"name": "anymatch",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar",
"sane"
],
"range": "1.2.0 - 2.0.0",
"nodes": [
"node_modules/sane/node_modules/anymatch",
"node_modules/watchpack-chokidar2/node_modules/anymatch"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": true
},
"braces": {
"name": "braces",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098094,
"name": "braces",
"dependency": "braces",
"title": "Uncontrolled resource consumption in braces",
"url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1050"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.3"
}
],
"effects": [
"chokidar",
"micromatch"
],
"range": "<3.0.3",
"nodes": [
"node_modules/cpy/node_modules/braces",
"node_modules/fork-ts-checker-webpack-plugin/node_modules/braces",
"node_modules/jscodeshift/node_modules/braces",
"node_modules/sane/node_modules/braces",
"node_modules/watchpack-chokidar2/node_modules/braces",
"node_modules/webpack/node_modules/braces"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"browserify-sign": {
"name": "browserify-sign",
"severity": "low",
"isDirect": false,
"via": [
"elliptic"
],
"effects": [
"crypto-browserify"
],
"range": ">=2.4.0",
"nodes": [
"node_modules/browserify-sign"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"cacache": {
"name": "cacache",
"severity": "high",
"isDirect": false,
"via": [
"tar"
],
"effects": [
"terser-webpack-plugin"
],
"range": "14.0.0 - 18.0.4",
"nodes": [
"node_modules/cacache"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"braces",
"readdirp"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.3.0 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"cpy": {
"name": "cpy",
"severity": "moderate",
"isDirect": false,
"via": [
"globby"
],
"effects": [
"@storybook/core-server"
],
"range": "7.0.0 - 8.1.2",
"nodes": [
"node_modules/cpy"
],
"fixAvailable": true
},
"create-ecdh": {
"name": "create-ecdh",
"severity": "low",
"isDirect": false,
"via": [
"elliptic"
],
"effects": [
"crypto-browserify"
],
"range": "*",
"nodes": [
"node_modules/create-ecdh"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"crypto-browserify": {
"name": "crypto-browserify",
"severity": "low",
"isDirect": false,
"via": [
"browserify-sign",
"create-ecdh"
],
"effects": [
"node-libs-browser"
],
"range": ">=3.4.0",
"nodes": [
"node_modules/crypto-browserify"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"css-loader": {
"name": "css-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"effects": [],
"range": "0.15.0 - 4.3.0",
"nodes": [
"node_modules/css-loader"
],
"fixAvailable": true
},
"elliptic": {
"name": "elliptic",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1112030,
"name": "elliptic",
"dependency": "elliptic",
"title": "Elliptic Uses a Cryptographic Primitive with a Risky Implementation",
"url": "https://github.com/advisories/GHSA-848j-6mx2-7j84",
"severity": "low",
"cwe": [
"CWE-1240"
],
"cvss": {
"score": 5.6,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
},
"range": "<=6.6.1"
}
],
"effects": [
"browserify-sign",
"create-ecdh"
],
"range": "*",
"nodes": [
"node_modules/elliptic"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"fast-glob": {
"name": "fast-glob",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"globby"
],
"range": "<=2.2.7",
"nodes": [
"node_modules/cpy/node_modules/fast-glob"
],
"fixAvailable": true
},
"fast-uri": {
"name": "fast-uri",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1117870,
"name": "fast-uri",
"dependency": "fast-uri",
"title": "fast-uri vulnerable to path traversal via percent-encoded dot segments",
"url": "https://github.com/advisories/GHSA-q3j6-qgpj-74h6",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<=3.1.0"
},
{
"source": 1117884,
"name": "fast-uri",
"dependency": "fast-uri",
"title": "fast-uri vulnerable to host confusion via percent-encoded authority delimiters",
"url": "https://github.com/advisories/GHSA-v39h-62p7-jpjc",
"severity": "high",
"cwe": [
"CWE-436"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<=3.1.1"
}
],
"effects": [],
"range": "<=3.1.1",
"nodes": [
""
],
"fixAvailable": true
},
"fork-ts-checker-webpack-plugin": {
"name": "fork-ts-checker-webpack-plugin",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [],
"range": "0.4.14 - 4.1.6",
"nodes": [
"node_modules/fork-ts-checker-webpack-plugin"
],
"fixAvailable": true
},
"globby": {
"name": "globby",
"severity": "moderate",
"isDirect": false,
"via": [
"fast-glob"
],
"effects": [
"cpy"
],
"range": "8.0.0 - 9.2.0",
"nodes": [
"node_modules/cpy/node_modules/globby"
],
"fixAvailable": true
},
"icss-utils": {
"name": "icss-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"css-loader",
"postcss-modules-local-by-default",
"postcss-modules-values"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/icss-utils"
],
"fixAvailable": true
},
"ip": {
"name": "ip",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1101851,
"name": "ip",
"dependency": "ip",
"title": "ip SSRF improper categorization in isPublic",
"url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=2.0.1"
}
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/ip"
],
"fixAvailable": true
},
"jest-haste-map": {
"name": "jest-haste-map",
"severity": "moderate",
"isDirect": false,
"via": [
"sane"
],
"effects": [
"@jest/transform"
],
"range": "24.0.0-alpha.0 - 26.6.2",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/jest-haste-map"
],
"fixAvailable": true
},
"js-cookie": {
"name": "js-cookie",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1119459,
"name": "js-cookie",
"dependency": "js-cookie",
"title": "JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection",
"url": "https://github.com/advisories/GHSA-qjx8-664m-686j",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<=3.0.5"
}
],
"effects": [],
"range": "<=3.0.5",
"nodes": [
""
],
"fixAvailable": true
},
"jscodeshift": {
"name": "jscodeshift",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"vue-docgen-loader"
],
"range": "0.3.20 - 0.13.1",
"nodes": [
"node_modules/jscodeshift"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"meow": {
"name": "meow",
"severity": "high",
"isDirect": false,
"via": [
"trim-newlines"
],
"effects": [],
"range": "3.4.0 - 5.0.0",
"nodes": [
"node_modules/default-browser-id/node_modules/meow"
],
"fixAvailable": true
},
"micromatch": {
"name": "micromatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098681,
"name": "micromatch",
"dependency": "micromatch",
"title": "Regular Expression Denial of Service (ReDoS) in micromatch",
"url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<4.0.8"
},
"braces"
],
"effects": [
"anymatch",
"fast-glob",
"fork-ts-checker-webpack-plugin",
"jscodeshift",
"readdirp",
"sane",
"webpack"
],
"range": "<=4.0.7",
"nodes": [
"node_modules/cpy/node_modules/micromatch",
"node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch",
"node_modules/jscodeshift/node_modules/micromatch",
"node_modules/sane/node_modules/micromatch",
"node_modules/watchpack-chokidar2/node_modules/micromatch",
"node_modules/webpack/node_modules/micromatch"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"node-libs-browser": {
"name": "node-libs-browser",
"severity": "low",
"isDirect": false,
"via": [
"crypto-browserify"
],
"effects": [
"webpack"
],
"range": "0.4.2 || >=1.0.0",
"nodes": [
"node_modules/node-libs-browser"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109574,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
},
{
"source": 1117015,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"url": "https://github.com/advisories/GHSA-qx2v-qp2m-jg93",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<8.5.10"
}
],
"effects": [
"@storybook/builder-webpack4",
"autoprefixer",
"css-loader",
"icss-utils",
"postcss-flexbugs-fixes",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"range": "<=8.5.9",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/postcss",
"node_modules/autoprefixer/node_modules/postcss",
"node_modules/css-loader/node_modules/postcss",
"node_modules/icss-utils/node_modules/postcss",
"node_modules/postcss-flexbugs-fixes/node_modules/postcss",
"node_modules/postcss-modules-extract-imports/node_modules/postcss",
"node_modules/postcss-modules-local-by-default/node_modules/postcss",
"node_modules/postcss-modules-scope/node_modules/postcss",
"node_modules/postcss-modules-values/node_modules/postcss"
],
"fixAvailable": false
},
"postcss-flexbugs-fixes": {
"name": "postcss-flexbugs-fixes",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.2.1",
"nodes": [
"node_modules/postcss-flexbugs-fixes"
],
"fixAvailable": true
},
"postcss-modules-extract-imports": {
"name": "postcss-modules-extract-imports",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-modules-extract-imports"
],
"fixAvailable": true
},
"postcss-modules-local-by-default": {
"name": "postcss-modules-local-by-default",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [],
"range": "<=4.0.0-rc.4",
"nodes": [
"node_modules/postcss-modules-local-by-default"
],
"fixAvailable": true
},
"postcss-modules-scope": {
"name": "postcss-modules-scope",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.2.0",
"nodes": [
"node_modules/postcss-modules-scope"
],
"fixAvailable": true
},
"postcss-modules-values": {
"name": "postcss-modules-values",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [
"css-loader"
],
"range": "<=4.0.0-rc.5",
"nodes": [
"node_modules/postcss-modules-values"
],
"fixAvailable": true
},
"qs": {
"name": "qs",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113161,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in comma parsing allows denial of service",
"url": "https://github.com/advisories/GHSA-w7fw-mjwx-w883",
"severity": "low",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=6.7.0 <=6.14.1"
},
{
"source": 1113719,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
"url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
"severity": "moderate",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<6.14.1"
}
],
"effects": [],
"range": "<=6.14.1",
"nodes": [
""
],
"fixAvailable": true
},
"readdirp": {
"name": "readdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "2.2.0 - 2.2.1",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/readdirp"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"remark-mdx": {
"name": "remark-mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-parse"
],
"effects": [
"@mdx-js/mdx"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/remark-mdx"
],
"fixAvailable": true
},
"remark-parse": {
"name": "remark-parse",
"severity": "high",
"isDirect": false,
"via": [
"trim"
],
"effects": [
"@mdx-js/mdx",
"remark-mdx"
],
"range": "<=8.0.3",
"nodes": [
"node_modules/remark-parse"
],
"fixAvailable": true
},
"sane": {
"name": "sane",
"severity": "moderate",
"isDirect": false,
"via": [
"anymatch",
"micromatch"
],
"effects": [
"jest-haste-map"
],
"range": "1.5.0 - 4.1.0",
"nodes": [
"node_modules/sane"
],
"fixAvailable": true
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
},
{
"source": 1119440,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
"url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-834"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <7.0.5"
}
],
"effects": [
"terser-webpack-plugin"
],
"range": "<=7.0.4",
"nodes": [
"node_modules/serialize-javascript",
"node_modules/webpack/node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"tar": {
"name": "tar",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1112659,
"name": "tar",
"dependency": "tar",
"title": "node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal",
"url": "https://github.com/advisories/GHSA-34x7-hfp2-rc4v",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-59"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
},
"range": "<7.5.7"
},
{
"source": 1113300,
"name": "tar",
"dependency": "tar",
"title": "node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization",
"url": "https://github.com/advisories/GHSA-8qq5-rm4j-mr97",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=7.5.2"
},
{
"source": 1113375,
"name": "tar",
"dependency": "tar",
"title": "Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction",
"url": "https://github.com/advisories/GHSA-83g3-92jg-28cx",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
},
"range": "<7.5.8"
},
{
"source": 1114200,
"name": "tar",
"dependency": "tar",
"title": "tar has Hardlink Path Traversal via Drive-Relative Linkpath",
"url": "https://github.com/advisories/GHSA-qffp-2rhf-9h96",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-59"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=7.5.9"
},
{
"source": 1114302,
"name": "tar",
"dependency": "tar",
"title": "node-tar Symlink Path Traversal via Drive-Relative Linkpath",
"url": "https://github.com/advisories/GHSA-9ppj-qmqm-q256",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=7.5.10"
},
{
"source": 1114680,
"name": "tar",
"dependency": "tar",
"title": "Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS",
"url": "https://github.com/advisories/GHSA-r6q2-hw4h-h46w",
"severity": "high",
"cwe": [
"CWE-176",
"CWE-367"
],
"cvss": {
"score": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L"
},
"range": "<=7.5.3"
}
],
"effects": [
"cacache"
],
"range": "<=7.5.10",
"nodes": [
"node_modules/tar"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"terser-webpack-plugin": {
"name": "terser-webpack-plugin",
"severity": "high",
"isDirect": false,
"via": [
"cacache",
"serialize-javascript",
"serialize-javascript"
],
"effects": [
"@storybook/builder-webpack4",
"webpack"
],
"range": "<=5.3.16",
"nodes": [
"node_modules/terser-webpack-plugin",
"node_modules/webpack/node_modules/terser-webpack-plugin"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"trim": {
"name": "trim",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089867,
"name": "trim",
"dependency": "trim",
"title": "Regular Expression Denial of Service in trim",
"url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.0.3"
}
],
"effects": [
"remark-parse"
],
"range": "<0.0.3",
"nodes": [
"node_modules/trim"
],
"fixAvailable": true
},
"trim-newlines": {
"name": "trim-newlines",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095100,
"name": "trim-newlines",
"dependency": "trim-newlines",
"title": "Uncontrolled Resource Consumption in trim-newlines",
"url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.1"
}
],
"effects": [
"meow"
],
"range": "<3.0.1",
"nodes": [
"node_modules/trim-newlines"
],
"fixAvailable": true
},
"uuid": {
"name": "uuid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1119441,
"name": "uuid",
"dependency": "uuid",
"title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"url": "https://github.com/advisories/GHSA-w5hq-g745-h8pq",
"severity": "moderate",
"cwe": [
"CWE-787",
"CWE-1285"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<11.1.1"
}
],
"effects": [
"webpack-log"
],
"range": "<11.1.1",
"nodes": [
"node_modules/uuid"
],
"fixAvailable": false
},
"vue-docgen-loader": {
"name": "vue-docgen-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"jscodeshift"
],
"effects": [
"@storybook/vue3"
],
"range": "1.3.0-beta.0 - 2.0.0",
"nodes": [
"node_modules/vue-docgen-loader"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "10.4.0",
"isSemVerMajor": true
}
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"isDirect": false,
"via": [
"watchpack-chokidar2"
],
"effects": [
"webpack"
],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/webpack/node_modules/watchpack"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"isDirect": false,
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"webpack": {
"name": "webpack",
"severity": "high",
"isDirect": false,
"via": [
"micromatch",
"node-libs-browser",
"terser-webpack-plugin",
"watchpack"
],
"effects": [
"@storybook/core-common"
],
"range": "2.0.0-beta - 5.1.0",
"nodes": [
"node_modules/webpack"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"webpack-dev-middleware": {
"name": "webpack-dev-middleware",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096729,
"name": "webpack-dev-middleware",
"dependency": "webpack-dev-middleware",
"title": "Path traversal in webpack-dev-middleware",
"url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
},
"range": "<=5.3.3"
},
"webpack-log"
],
"effects": [
"@storybook/manager-webpack4"
],
"range": "<=5.3.3",
"nodes": [
"node_modules/webpack-dev-middleware"
],
"fixAvailable": false
},
"webpack-log": {
"name": "webpack-log",
"severity": "moderate",
"isDirect": false,
"via": [
"uuid"
],
"effects": [
"webpack-dev-middleware"
],
"range": "1.1.0 - 2.0.0",
"nodes": [
"node_modules/webpack-log"
],
"fixAvailable": false
},
"ws": {
"name": "ws",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1119108,
"name": "ws",
"dependency": "ws",
"title": "ws: Uninitialized memory disclosure",
"url": "https://github.com/advisories/GHSA-58qx-3vcg-4xpx",
"severity": "moderate",
"cwe": [
"CWE-908"
],
"cvss": {
"score": 4.4,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"
},
"range": ">=8.0.0 <8.20.1"
}
],
"effects": [],
"range": "8.0.0 - 8.20.0",
"nodes": [
""
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 5,
"moderate": 34,
"high": 29,
"critical": 0,
"total": 68
},
"dependencies": {
"prod": 1,
"dev": 2428,
"optional": 66,
"peer": 0,
"peerOptional": 0,
"total": 2428
}
}
}
}
--- end ---
{"added": 2428, "removed": 0, "changed": 0, "audited": 2429, "funding": 339, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@babel/plugin-transform-modules-systemjs": {"name": "@babel/plugin-transform-modules-systemjs", "severity": "high", "isDirect": false, "via": [{"source": 1117908, "name": "@babel/plugin-transform-modules-systemjs", "dependency": "@babel/plugin-transform-modules-systemjs", "title": "@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input", "url": "https://github.com/advisories/GHSA-fv7c-fp4j-7gwp", "severity": "high", "cwe": ["CWE-94", "CWE-843"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}, "range": ">=7.12.0 <=7.29.3"}], "effects": [], "range": "7.12.0 - 7.29.0", "nodes": [""], "fixAvailable": true}, "@babel/runtime": {"name": "@babel/runtime", "severity": "moderate", "isDirect": false, "via": [{"source": 1104000, "name": "@babel/runtime", "dependency": "@babel/runtime", "title": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups", "url": "https://github.com/advisories/GHSA-968p-4wvh-cqc8", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<7.26.10"}], "effects": ["@devtools-ds/object-inspector", "@devtools-ds/object-parser", "@devtools-ds/themes", "@devtools-ds/tree"], "range": "<7.26.10", "nodes": ["node_modules/@devtools-ds/object-inspector/node_modules/@babel/runtime", "node_modules/@devtools-ds/object-parser/node_modules/@babel/runtime", "node_modules/@devtools-ds/themes/node_modules/@babel/runtime", "node_modules/@devtools-ds/tree/node_modules/@babel/runtime"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "@devtools-ds/object-inspector": {"name": "@devtools-ds/object-inspector", "severity": "moderate", "isDirect": false, "via": ["@babel/runtime", "@devtools-ds/object-parser", "@devtools-ds/themes", "@devtools-ds/tree"], "effects": ["@storybook/addon-interactions"], "range": "*", "nodes": ["node_modules/@devtools-ds/object-inspector"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "@devtools-ds/object-parser": {"name": "@devtools-ds/object-parser", "severity": "moderate", "isDirect": false, "via": ["@babel/runtime"], "effects": [], "range": "*", "nodes": ["node_modules/@devtools-ds/object-parser"], "fixAvailable": true}, "@devtools-ds/themes": {"name": "@devtools-ds/themes", "severity": "moderate", "isDirect": false, "via": ["@babel/runtime"], "effects": [], "range": "*", "nodes": ["node_modules/@devtools-ds/themes"], "fixAvailable": true}, "@devtools-ds/tree": {"name": "@devtools-ds/tree", "severity": "moderate", "isDirect": false, "via": ["@babel/runtime", "@devtools-ds/themes"], "effects": [], "range": "*", "nodes": ["node_modules/@devtools-ds/tree"], "fixAvailable": true}, "@jest/transform": {"name": "@jest/transform", "severity": "moderate", "isDirect": false, "via": ["jest-haste-map"], "effects": ["@storybook/addon-docs"], "range": "<=26.6.2", "nodes": ["node_modules/@storybook/addon-docs/node_modules/@jest/transform"], "fixAvailable": true}, "@mdx-js/mdx": {"name": "@mdx-js/mdx", "severity": "high", "isDirect": false, "via": ["remark-mdx", "remark-parse"], "effects": ["@storybook/mdx1-csf"], "range": "<=1.6.22", "nodes": ["node_modules/@mdx-js/mdx"], "fixAvailable": true}, "@storybook/addon-controls": {"name": "@storybook/addon-controls", "severity": "moderate", "isDirect": false, "via": ["@storybook/core-common"], "effects": ["@storybook/addon-essentials"], "range": "6.4.0-alpha.0 - 6.5.17-alpha.0", "nodes": ["node_modules/@storybook/addon-controls"], "fixAvailable": {"name": "@storybook/addon-essentials", "version": "8.6.14", "isSemVerMajor": true}}, "@storybook/addon-docs": {"name": "@storybook/addon-docs", "severity": "high", "isDirect": false, "via": ["@jest/transform", "@storybook/core-common", "@storybook/mdx1-csf"], "effects": [], "range": "5.3.0-alpha.0 - 7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2", "nodes": ["node_modules/@storybook/addon-docs"], "fixAvailable": true}, "@storybook/addon-essentials": {"name": "@storybook/addon-essentials", "severity": "moderate", "isDirect": true, "via": ["@storybook/addon-controls", "@storybook/addon-docs", "@storybook/core-common"], "effects": [], "range": "6.4.0-alpha.0 - 6.5.17-alpha.0", "nodes": ["node_modules/@storybook/addon-essentials"], "fixAvailable": {"name": "@storybook/addon-essentials", "version": "8.6.14", "isSemVerMajor": true}}, "@storybook/addon-interactions": {"name": "@storybook/addon-interactions", "severity": "moderate", "isDirect": true, "via": ["@devtools-ds/object-inspector", "@storybook/core-common"], "effects": [], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/addon-interactions"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "@storybook/builder-webpack4": {"name": "@storybook/builder-webpack4", "severity": "high", "isDirect": true, "via": ["@storybook/core-common", "autoprefixer", "css-loader", "fork-ts-checker-webpack-plugin", "postcss", "postcss-flexbugs-fixes", "terser-webpack-plugin", "webpack", "webpack-dev-middleware"], "effects": ["@storybook/core-server"], "range": "*", "nodes": ["node_modules/@storybook/builder-webpack4"], "fixAvailable": false}, "@storybook/core": {"name": "@storybook/core", "severity": "high", "isDirect": false, "via": ["@storybook/core-server"], "effects": [], "range": "6.2.0-alpha.0 - 6.5.17-alpha.0", "nodes": ["node_modules/@storybook/core"], "fixAvailable": true}, "@storybook/core-common": {"name": "@storybook/core-common", "severity": "moderate", "isDirect": false, "via": ["webpack"], "effects": ["@storybook/addon-controls", "@storybook/addon-docs", "@storybook/addon-essentials", "@storybook/addon-interactions", "@storybook/telemetry"], "range": "<=6.5.17-alpha.0", "nodes": ["node_modules/@storybook/core-common"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "@storybook/core-server": {"name": "@storybook/core-server", "severity": "high", "isDirect": false, "via": ["@storybook/builder-webpack4", "@storybook/core-common", "@storybook/csf-tools", "@storybook/manager-webpack4", "@storybook/telemetry", "cpy", "ip", "webpack"], "effects": ["@storybook/core"], "range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3", "nodes": ["node_modules/@storybook/core-server"], "fixAvailable": true}, "@storybook/csf-tools": {"name": "@storybook/csf-tools", "severity": "high", "isDirect": false, "via": ["@storybook/mdx1-csf"], "effects": [], "range": "6.5.0-alpha.1 - 6.5.17-alpha.0", "nodes": ["node_modules/@storybook/csf-tools"], "fixAvailable": true}, "@storybook/manager-webpack4": {"name": "@storybook/manager-webpack4", "severity": "high", "isDirect": true, "via": ["@storybook/core-common", "css-loader", "terser-webpack-plugin", "webpack", "webpack-dev-middleware"], "effects": ["@storybook/core-server"], "range": "*", "nodes": ["node_modules/@storybook/manager-webpack4"], "fixAvailable": false}, "@storybook/mdx1-csf": {"name": "@storybook/mdx1-csf", "severity": "high", "isDirect": false, "via": ["@mdx-js/mdx"], "effects": ["@storybook/addon-docs", "@storybook/csf-tools"], "range": "*", "nodes": ["node_modules/@storybook/mdx1-csf"], "fixAvailable": true}, "@storybook/telemetry": {"name": "@storybook/telemetry", "severity": "moderate", "isDirect": false, "via": ["@storybook/core-common"], "effects": ["@storybook/core-server"], "range": "<=6.5.17-alpha.0", "nodes": ["node_modules/@storybook/telemetry"], "fixAvailable": true}, "@storybook/vue3": {"name": "@storybook/vue3", "severity": "high", "isDirect": true, "via": ["@storybook/core", "@storybook/core-common", "vue-docgen-loader"], "effects": [], "range": "<=6.5.17-alpha.0", "nodes": ["node_modules/@storybook/vue3"], "fixAvailable": {"name": "@storybook/vue3", "version": "10.4.0", "isSemVerMajor": true}}, "anymatch": {"name": "anymatch", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["chokidar", "sane"], "range": "1.2.0 - 2.0.0", "nodes": ["node_modules/sane/node_modules/anymatch", "node_modules/watchpack-chokidar2/node_modules/anymatch"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "autoprefixer": {"name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.0.20131222 - 9.8.8", "nodes": ["node_modules/autoprefixer"], "fixAvailable": true}, "braces": {"name": "braces", "severity": "high", "isDirect": false, "via": [{"source": 1098094, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": ["CWE-400", "CWE-1050"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.3"}], "effects": ["chokidar", "micromatch"], "range": "<3.0.3", "nodes": ["node_modules/cpy/node_modules/braces", "node_modules/fork-ts-checker-webpack-plugin/node_modules/braces", "node_modules/jscodeshift/node_modules/braces", "node_modules/sane/node_modules/braces", "node_modules/watchpack-chokidar2/node_modules/braces", "node_modules/webpack/node_modules/braces"], "fixAvailable": {"name": "@storybook/vue3", "version": "10.4.0", "isSemVerMajor": true}}, "browserify-sign": {"name": "browserify-sign", "severity": "low", "isDirect": false, "via": ["elliptic"], "effects": ["crypto-browserify"], "range": ">=2.4.0", "nodes": ["node_modules/browserify-sign"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "cacache": {"name": "cacache", "severity": "high", "isDirect": false, "via": ["tar"], "effects": ["terser-webpack-plugin"], "range": "14.0.0 - 18.0.4", "nodes": ["node_modules/cacache"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "chokidar": {"name": "chokidar", "severity": "high", "isDirect": false, "via": ["anymatch", "braces", "readdirp"], "effects": ["watchpack-chokidar2"], "range": "1.3.0 - 2.1.8", "nodes": ["node_modules/watchpack-chokidar2/node_modules/chokidar"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "cpy": {"name": "cpy", "severity": "moderate", "isDirect": false, "via": ["globby"], "effects": ["@storybook/core-server"], "range": "7.0.0 - 8.1.2", "nodes": ["node_modules/cpy"], "fixAvailable": true}, "create-ecdh": {"name": "create-ecdh", "severity": "low", "isDirect": false, "via": ["elliptic"], "effects": ["crypto-browserify"], "range": "*", "nodes": ["node_modules/create-ecdh"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "crypto-browserify": {"name": "crypto-browserify", "severity": "low", "isDirect": false, "via": ["browserify-sign", "create-ecdh"], "effects": ["node-libs-browser"], "range": ">=3.4.0", "nodes": ["node_modules/crypto-browserify"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "css-loader": {"name": "css-loader", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values"], "effects": [], "range": "0.15.0 - 4.3.0", "nodes": ["node_modules/css-loader"], "fixAvailable": true}, "elliptic": {"name": "elliptic", "severity": "low", "isDirect": false, "via": [{"source": 1112030, "name": "elliptic", "dependency": "elliptic", "title": "Elliptic Uses a Cryptographic Primitive with a Risky Implementation", "url": "https://github.com/advisories/GHSA-848j-6mx2-7j84", "severity": "low", "cwe": ["CWE-1240"], "cvss": {"score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": "<=6.6.1"}], "effects": ["browserify-sign", "create-ecdh"], "range": "*", "nodes": ["node_modules/elliptic"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "fast-glob": {"name": "fast-glob", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["globby"], "range": "<=2.2.7", "nodes": ["node_modules/cpy/node_modules/fast-glob"], "fixAvailable": true}, "fast-uri": {"name": "fast-uri", "severity": "high", "isDirect": false, "via": [{"source": 1117870, "name": "fast-uri", "dependency": "fast-uri", "title": "fast-uri vulnerable to path traversal via percent-encoded dot segments", "url": "https://github.com/advisories/GHSA-q3j6-qgpj-74h6", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": "<=3.1.0"}, {"source": 1117884, "name": "fast-uri", "dependency": "fast-uri", "title": "fast-uri vulnerable to host confusion via percent-encoded authority delimiters", "url": "https://github.com/advisories/GHSA-v39h-62p7-jpjc", "severity": "high", "cwe": ["CWE-436"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": "<=3.1.1"}], "effects": [], "range": "<=3.1.1", "nodes": [""], "fixAvailable": true}, "fork-ts-checker-webpack-plugin": {"name": "fork-ts-checker-webpack-plugin", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": [], "range": "0.4.14 - 4.1.6", "nodes": ["node_modules/fork-ts-checker-webpack-plugin"], "fixAvailable": true}, "globby": {"name": "globby", "severity": "moderate", "isDirect": false, "via": ["fast-glob"], "effects": ["cpy"], "range": "8.0.0 - 9.2.0", "nodes": ["node_modules/cpy/node_modules/globby"], "fixAvailable": true}, "icss-utils": {"name": "icss-utils", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["css-loader", "postcss-modules-local-by-default", "postcss-modules-values"], "range": "<=4.1.1", "nodes": ["node_modules/icss-utils"], "fixAvailable": true}, "ip": {"name": "ip", "severity": "high", "isDirect": false, "via": [{"source": 1101851, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}], "effects": ["@storybook/core-server"], "range": "*", "nodes": ["node_modules/ip"], "fixAvailable": true}, "jest-haste-map": {"name": "jest-haste-map", "severity": "moderate", "isDirect": false, "via": ["sane"], "effects": ["@jest/transform"], "range": "24.0.0-alpha.0 - 26.6.2", "nodes": ["node_modules/@storybook/addon-docs/node_modules/jest-haste-map"], "fixAvailable": true}, "js-cookie": {"name": "js-cookie", "severity": "high", "isDirect": false, "via": [{"source": 1119459, "name": "js-cookie", "dependency": "js-cookie", "title": "JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection", "url": "https://github.com/advisories/GHSA-qjx8-664m-686j", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": "<=3.0.5"}], "effects": [], "range": "<=3.0.5", "nodes": [""], "fixAvailable": true}, "jscodeshift": {"name": "jscodeshift", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["vue-docgen-loader"], "range": "0.3.20 - 0.13.1", "nodes": ["node_modules/jscodeshift"], "fixAvailable": {"name": "@storybook/vue3", "version": "10.4.0", "isSemVerMajor": true}}, "meow": {"name": "meow", "severity": "high", "isDirect": false, "via": ["trim-newlines"], "effects": [], "range": "3.4.0 - 5.0.0", "nodes": ["node_modules/default-browser-id/node_modules/meow"], "fixAvailable": true}, "micromatch": {"name": "micromatch", "severity": "high", "isDirect": false, "via": [{"source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<4.0.8"}, "braces"], "effects": ["anymatch", "fast-glob", "fork-ts-checker-webpack-plugin", "jscodeshift", "readdirp", "sane", "webpack"], "range": "<=4.0.7", "nodes": ["node_modules/cpy/node_modules/micromatch", "node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch", "node_modules/jscodeshift/node_modules/micromatch", "node_modules/sane/node_modules/micromatch", "node_modules/watchpack-chokidar2/node_modules/micromatch", "node_modules/webpack/node_modules/micromatch"], "fixAvailable": {"name": "@storybook/vue3", "version": "10.4.0", "isSemVerMajor": true}}, "node-libs-browser": {"name": "node-libs-browser", "severity": "low", "isDirect": false, "via": ["crypto-browserify"], "effects": ["webpack"], "range": "0.4.2 || >=1.0.0", "nodes": ["node_modules/node-libs-browser"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "postcss": {"name": "postcss", "severity": "moderate", "isDirect": false, "via": [{"source": 1109574, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}, {"source": 1117015, "name": "postcss", "dependency": "postcss", "title": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output", "url": "https://github.com/advisories/GHSA-qx2v-qp2m-jg93", "severity": "moderate", "cwe": ["CWE-79"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<8.5.10"}], "effects": ["@storybook/builder-webpack4", "autoprefixer", "css-loader", "icss-utils", "postcss-flexbugs-fixes", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values"], "range": "<=8.5.9", "nodes": ["node_modules/@storybook/builder-webpack4/node_modules/postcss", "node_modules/autoprefixer/node_modules/postcss", "node_modules/css-loader/node_modules/postcss", "node_modules/icss-utils/node_modules/postcss", "node_modules/postcss-flexbugs-fixes/node_modules/postcss", "node_modules/postcss-modules-extract-imports/node_modules/postcss", "node_modules/postcss-modules-local-by-default/node_modules/postcss", "node_modules/postcss-modules-scope/node_modules/postcss", "node_modules/postcss-modules-values/node_modules/postcss"], "fixAvailable": false}, "postcss-flexbugs-fixes": {"name": "postcss-flexbugs-fixes", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.2.1", "nodes": ["node_modules/postcss-flexbugs-fixes"], "fixAvailable": true}, "postcss-modules-extract-imports": {"name": "postcss-modules-extract-imports", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=2.0.0", "nodes": ["node_modules/postcss-modules-extract-imports"], "fixAvailable": true}, "postcss-modules-local-by-default": {"name": "postcss-modules-local-by-default", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss"], "effects": [], "range": "<=4.0.0-rc.4", "nodes": ["node_modules/postcss-modules-local-by-default"], "fixAvailable": true}, "postcss-modules-scope": {"name": "postcss-modules-scope", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=2.2.0", "nodes": ["node_modules/postcss-modules-scope"], "fixAvailable": true}, "postcss-modules-values": {"name": "postcss-modules-values", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss"], "effects": ["css-loader"], "range": "<=4.0.0-rc.5", "nodes": ["node_modules/postcss-modules-values"], "fixAvailable": true}, "qs": {"name": "qs", "severity": "moderate", "isDirect": false, "via": [{"source": 1113161, "name": "qs", "dependency": "qs", "title": "qs's arrayLimit bypass in comma parsing allows denial of service", "url": "https://github.com/advisories/GHSA-w7fw-mjwx-w883", "severity": "low", "cwe": ["CWE-20"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=6.7.0 <=6.14.1"}, {"source": 1113719, "name": "qs", "dependency": "qs", "title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion", "url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p", "severity": "moderate", "cwe": ["CWE-20"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<6.14.1"}], "effects": [], "range": "<=6.14.1", "nodes": [""], "fixAvailable": true}, "readdirp": {"name": "readdirp", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["chokidar"], "range": "2.2.0 - 2.2.1", "nodes": ["node_modules/watchpack-chokidar2/node_modules/readdirp"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "remark-mdx": {"name": "remark-mdx", "severity": "high", "isDirect": false, "via": ["remark-parse"], "effects": ["@mdx-js/mdx"], "range": "<=1.6.22", "nodes": ["node_modules/remark-mdx"], "fixAvailable": true}, "remark-parse": {"name": "remark-parse", "severity": "high", "isDirect": false, "via": ["trim"], "effects": ["@mdx-js/mdx", "remark-mdx"], "range": "<=8.0.3", "nodes": ["node_modules/remark-parse"], "fixAvailable": true}, "sane": {"name": "sane", "severity": "moderate", "isDirect": false, "via": ["anymatch", "micromatch"], "effects": ["jest-haste-map"], "range": "1.5.0 - 4.1.0", "nodes": ["node_modules/sane"], "fixAvailable": true}, "serialize-javascript": {"name": "serialize-javascript", "severity": "high", "isDirect": false, "via": [{"source": 1113686, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()", "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq", "severity": "high", "cwe": ["CWE-96"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=7.0.2"}, {"source": 1119440, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects", "url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v", "severity": "moderate", "cwe": ["CWE-400", "CWE-834"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.0 <7.0.5"}], "effects": ["terser-webpack-plugin"], "range": "<=7.0.4", "nodes": ["node_modules/serialize-javascript", "node_modules/webpack/node_modules/serialize-javascript"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "tar": {"name": "tar", "severity": "high", "isDirect": false, "via": [{"source": 1112659, "name": "tar", "dependency": "tar", "title": "node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal", "url": "https://github.com/advisories/GHSA-34x7-hfp2-rc4v", "severity": "high", "cwe": ["CWE-22", "CWE-59"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"}, "range": "<7.5.7"}, {"source": 1113300, "name": "tar", "dependency": "tar", "title": "node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization", "url": "https://github.com/advisories/GHSA-8qq5-rm4j-mr97", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 0, "vectorString": null}, "range": "<=7.5.2"}, {"source": 1113375, "name": "tar", "dependency": "tar", "title": "Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction", "url": "https://github.com/advisories/GHSA-83g3-92jg-28cx", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}, "range": "<7.5.8"}, {"source": 1114200, "name": "tar", "dependency": "tar", "title": "tar has Hardlink Path Traversal via Drive-Relative Linkpath", "url": "https://github.com/advisories/GHSA-qffp-2rhf-9h96", "severity": "high", "cwe": ["CWE-22", "CWE-59"], "cvss": {"score": 0, "vectorString": null}, "range": "<=7.5.9"}, {"source": 1114302, "name": "tar", "dependency": "tar", "title": "node-tar Symlink Path Traversal via Drive-Relative Linkpath", "url": "https://github.com/advisories/GHSA-9ppj-qmqm-q256", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 0, "vectorString": null}, "range": "<=7.5.10"}, {"source": 1114680, "name": "tar", "dependency": "tar", "title": "Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS", "url": "https://github.com/advisories/GHSA-r6q2-hw4h-h46w", "severity": "high", "cwe": ["CWE-176", "CWE-367"], "cvss": {"score": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L"}, "range": "<=7.5.3"}], "effects": ["cacache"], "range": "<=7.5.10", "nodes": ["node_modules/tar"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "terser-webpack-plugin": {"name": "terser-webpack-plugin", "severity": "high", "isDirect": false, "via": ["cacache", "serialize-javascript", "serialize-javascript"], "effects": ["@storybook/builder-webpack4", "webpack"], "range": "<=5.3.16", "nodes": ["node_modules/terser-webpack-plugin", "node_modules/webpack/node_modules/terser-webpack-plugin"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "trim": {"name": "trim", "severity": "high", "isDirect": false, "via": [{"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}], "effects": ["remark-parse"], "range": "<0.0.3", "nodes": ["node_modules/trim"], "fixAvailable": true}, "trim-newlines": {"name": "trim-newlines", "severity": "high", "isDirect": false, "via": [{"source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.1"}], "effects": ["meow"], "range": "<3.0.1", "nodes": ["node_modules/trim-newlines"], "fixAvailable": true}, "uuid": {"name": "uuid", "severity": "moderate", "isDirect": false, "via": [{"source": 1119441, "name": "uuid", "dependency": "uuid", "title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided", "url": "https://github.com/advisories/GHSA-w5hq-g745-h8pq", "severity": "moderate", "cwe": ["CWE-787", "CWE-1285"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": "<11.1.1"}], "effects": ["webpack-log"], "range": "<11.1.1", "nodes": ["node_modules/uuid"], "fixAvailable": false}, "vue-docgen-loader": {"name": "vue-docgen-loader", "severity": "moderate", "isDirect": false, "via": ["jscodeshift"], "effects": ["@storybook/vue3"], "range": "1.3.0-beta.0 - 2.0.0", "nodes": ["node_modules/vue-docgen-loader"], "fixAvailable": {"name": "@storybook/vue3", "version": "10.4.0", "isSemVerMajor": true}}, "watchpack": {"name": "watchpack", "severity": "high", "isDirect": false, "via": ["watchpack-chokidar2"], "effects": ["webpack"], "range": "1.7.2 - 1.7.5", "nodes": ["node_modules/webpack/node_modules/watchpack"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "watchpack-chokidar2": {"name": "watchpack-chokidar2", "severity": "high", "isDirect": false, "via": ["chokidar"], "effects": ["watchpack"], "range": "*", "nodes": ["node_modules/watchpack-chokidar2"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "webpack": {"name": "webpack", "severity": "high", "isDirect": false, "via": ["micromatch", "node-libs-browser", "terser-webpack-plugin", "watchpack"], "effects": ["@storybook/core-common"], "range": "2.0.0-beta - 5.1.0", "nodes": ["node_modules/webpack"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "webpack-dev-middleware": {"name": "webpack-dev-middleware", "severity": "high", "isDirect": false, "via": [{"source": 1096729, "name": "webpack-dev-middleware", "dependency": "webpack-dev-middleware", "title": "Path traversal in webpack-dev-middleware", "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"}, "range": "<=5.3.3"}, "webpack-log"], "effects": ["@storybook/manager-webpack4"], "range": "<=5.3.3", "nodes": ["node_modules/webpack-dev-middleware"], "fixAvailable": false}, "webpack-log": {"name": "webpack-log", "severity": "moderate", "isDirect": false, "via": ["uuid"], "effects": ["webpack-dev-middleware"], "range": "1.1.0 - 2.0.0", "nodes": ["node_modules/webpack-log"], "fixAvailable": false}, "ws": {"name": "ws", "severity": "moderate", "isDirect": false, "via": [{"source": 1119108, "name": "ws", "dependency": "ws", "title": "ws: Uninitialized memory disclosure", "url": "https://github.com/advisories/GHSA-58qx-3vcg-4xpx", "severity": "moderate", "cwe": ["CWE-908"], "cvss": {"score": 4.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"}, "range": ">=8.0.0 <8.20.1"}], "effects": [], "range": "8.0.0 - 8.20.0", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 5, "moderate": 34, "high": 29, "critical": 0, "total": 68}, "dependencies": {"prod": 1, "dev": 2428, "optional": 66, "peer": 0, "peerOptional": 0, "total": 2428}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated trim@0.0.1: Use String.prototype.trim() instead
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated uuid-browser@3.1.0: Package no longer supported and required. Use the uuid package or crypto.randomUUID instead
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated querystring@0.2.1: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
--- stdout ---
added 2423 packages, and audited 2424 packages in 49s
339 packages are looking for funding
run `npm fund` for details
# npm audit report
@babel/runtime <7.26.10
Severity: moderate
Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups - https://github.com/advisories/GHSA-968p-4wvh-cqc8
fix available via `npm audit fix --force`
Will install @storybook/addon-interactions@8.6.14, which is a breaking change
node_modules/@devtools-ds/object-inspector/node_modules/@babel/runtime
node_modules/@devtools-ds/object-parser/node_modules/@babel/runtime
node_modules/@devtools-ds/themes/node_modules/@babel/runtime
node_modules/@devtools-ds/tree/node_modules/@babel/runtime
@devtools-ds/object-inspector *
Depends on vulnerable versions of @babel/runtime
Depends on vulnerable versions of @devtools-ds/object-parser
Depends on vulnerable versions of @devtools-ds/themes
Depends on vulnerable versions of @devtools-ds/tree
node_modules/@devtools-ds/object-inspector
@storybook/addon-interactions <=7.0.0-rc.11
Depends on vulnerable versions of @devtools-ds/object-inspector
Depends on vulnerable versions of @storybook/core-common
node_modules/@storybook/addon-interactions
@devtools-ds/object-parser *
Depends on vulnerable versions of @babel/runtime
node_modules/@devtools-ds/object-parser
@devtools-ds/themes *
Depends on vulnerable versions of @babel/runtime
node_modules/@devtools-ds/themes
@devtools-ds/tree *
Depends on vulnerable versions of @babel/runtime
Depends on vulnerable versions of @devtools-ds/themes
node_modules/@devtools-ds/tree
braces <3.0.3
Severity: high
Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg
fix available via `npm audit fix --force`
Will install @storybook/vue3@10.4.0, which is a breaking change
node_modules/cpy/node_modules/braces
node_modules/fork-ts-checker-webpack-plugin/node_modules/braces
node_modules/jscodeshift/node_modules/braces
node_modules/sane/node_modules/braces
node_modules/watchpack-chokidar2/node_modules/braces
node_modules/webpack/node_modules/braces
chokidar 1.3.0 - 2.1.8
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of braces
Depends on vulnerable versions of readdirp
node_modules/watchpack-chokidar2/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/webpack/node_modules/watchpack
webpack 2.0.0-beta - 5.1.0
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of node-libs-browser
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of watchpack
node_modules/webpack
@storybook/core-common <=6.5.17-alpha.0
Depends on vulnerable versions of webpack
node_modules/@storybook/core-common
@storybook/addon-controls 6.4.0-alpha.0 - 6.5.17-alpha.0
Depends on vulnerable versions of @storybook/core-common
node_modules/@storybook/addon-controls
@storybook/addon-essentials 6.4.0-alpha.0 - 6.5.17-alpha.0
Depends on vulnerable versions of @storybook/addon-controls
Depends on vulnerable versions of @storybook/addon-docs
Depends on vulnerable versions of @storybook/core-common
node_modules/@storybook/addon-essentials
@storybook/addon-docs 5.3.0-alpha.0 - 7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of @storybook/mdx1-csf
node_modules/@storybook/addon-docs
@storybook/telemetry <=6.5.17-alpha.0
Depends on vulnerable versions of @storybook/core-common
node_modules/@storybook/telemetry
@storybook/core-server <=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3
Depends on vulnerable versions of @storybook/builder-webpack4
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of @storybook/csf-tools
Depends on vulnerable versions of @storybook/manager-webpack4
Depends on vulnerable versions of @storybook/telemetry
Depends on vulnerable versions of cpy
Depends on vulnerable versions of ip
Depends on vulnerable versions of webpack
node_modules/@storybook/core-server
@storybook/core 6.2.0-alpha.0 - 6.5.17-alpha.0
Depends on vulnerable versions of @storybook/core-server
node_modules/@storybook/core
micromatch <=4.0.7
Depends on vulnerable versions of braces
node_modules/cpy/node_modules/micromatch
node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch
node_modules/jscodeshift/node_modules/micromatch
node_modules/sane/node_modules/micromatch
node_modules/watchpack-chokidar2/node_modules/micromatch
node_modules/webpack/node_modules/micromatch
anymatch 1.2.0 - 2.0.0
Depends on vulnerable versions of micromatch
node_modules/sane/node_modules/anymatch
node_modules/watchpack-chokidar2/node_modules/anymatch
sane 1.5.0 - 4.1.0
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of micromatch
node_modules/sane
jest-haste-map 24.0.0-alpha.0 - 26.6.2
Depends on vulnerable versions of sane
node_modules/@storybook/addon-docs/node_modules/jest-haste-map
@jest/transform <=26.6.2
Depends on vulnerable versions of jest-haste-map
node_modules/@storybook/addon-docs/node_modules/@jest/transform
fast-glob <=2.2.7
Depends on vulnerable versions of micromatch
node_modules/cpy/node_modules/fast-glob
globby 8.0.0 - 9.2.0
Depends on vulnerable versions of fast-glob
node_modules/cpy/node_modules/globby
cpy 7.0.0 - 8.1.2
Depends on vulnerable versions of globby
node_modules/cpy
fork-ts-checker-webpack-plugin 0.4.14 - 4.1.6
Depends on vulnerable versions of micromatch
node_modules/fork-ts-checker-webpack-plugin
jscodeshift 0.3.20 - 0.13.1
Depends on vulnerable versions of micromatch
node_modules/jscodeshift
vue-docgen-loader 1.3.0-beta.0 - 2.0.0
Depends on vulnerable versions of jscodeshift
node_modules/vue-docgen-loader
@storybook/vue3 <=6.5.17-alpha.0
Depends on vulnerable versions of @storybook/core
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of vue-docgen-loader
node_modules/@storybook/vue3
readdirp 2.2.0 - 2.2.1
Depends on vulnerable versions of micromatch
node_modules/watchpack-chokidar2/node_modules/readdirp
elliptic *
Elliptic Uses a Cryptographic Primitive with a Risky Implementation - https://github.com/advisories/GHSA-848j-6mx2-7j84
fix available via `npm audit fix --force`
Will install @storybook/addon-essentials@8.6.14, which is a breaking change
node_modules/elliptic
browserify-sign >=2.4.0
Depends on vulnerable versions of elliptic
node_modules/browserify-sign
crypto-browserify >=3.4.0
Depends on vulnerable versions of browserify-sign
Depends on vulnerable versions of create-ecdh
node_modules/crypto-browserify
node-libs-browser 0.4.2 || >=1.0.0
Depends on vulnerable versions of crypto-browserify
node_modules/node-libs-browser
create-ecdh *
Depends on vulnerable versions of elliptic
node_modules/create-ecdh
ip *
Severity: high
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
fix available via `npm audit fix`
node_modules/ip
postcss <=8.5.9
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
PostCSS has XSS via Unescaped </style> in its CSS Stringify Output - https://github.com/advisories/GHSA-qx2v-qp2m-jg93
No fix available
node_modules/@storybook/builder-webpack4/node_modules/postcss
node_modules/autoprefixer/node_modules/postcss
node_modules/css-loader/node_modules/postcss
node_modules/icss-utils/node_modules/postcss
node_modules/postcss-flexbugs-fixes/node_modules/postcss
node_modules/postcss-modules-extract-imports/node_modules/postcss
node_modules/postcss-modules-local-by-default/node_modules/postcss
node_modules/postcss-modules-scope/node_modules/postcss
node_modules/postcss-modules-values/node_modules/postcss
@storybook/builder-webpack4 *
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of css-loader
Depends on vulnerable versions of fork-ts-checker-webpack-plugin
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-flexbugs-fixes
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-middleware
node_modules/@storybook/builder-webpack4
autoprefixer 1.0.20131222 - 9.8.8
Depends on vulnerable versions of postcss
node_modules/autoprefixer
css-loader 0.15.0 - 4.3.0
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-modules-extract-imports
Depends on vulnerable versions of postcss-modules-local-by-default
Depends on vulnerable versions of postcss-modules-scope
Depends on vulnerable versions of postcss-modules-values
node_modules/css-loader
icss-utils <=4.1.1
Depends on vulnerable versions of postcss
node_modules/icss-utils
postcss-modules-local-by-default <=4.0.0-rc.4
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/postcss-modules-local-by-default
postcss-modules-values <=4.0.0-rc.5
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/postcss-modules-values
postcss-flexbugs-fixes <=4.2.1
Depends on vulnerable versions of postcss
node_modules/postcss-flexbugs-fixes
postcss-modules-extract-imports <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-extract-imports
postcss-modules-scope <=2.2.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-scope
serialize-javascript <=7.0.4
Severity: high
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - https://github.com/advisories/GHSA-5c6j-r48x-rmvq
Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects - https://github.com/advisories/GHSA-qj8w-gfj5-8c6v
fix available via `npm audit fix --force`
Will install @storybook/addon-essentials@8.6.14, which is a breaking change
node_modules/serialize-javascript
node_modules/webpack/node_modules/serialize-javascript
terser-webpack-plugin <=5.3.16
Depends on vulnerable versions of cacache
Depends on vulnerable versions of serialize-javascript
Depends on vulnerable versions of serialize-javascript
node_modules/terser-webpack-plugin
node_modules/webpack/node_modules/terser-webpack-plugin
tar <=7.5.10
Severity: high
node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal - https://github.com/advisories/GHSA-34x7-hfp2-rc4v
node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization - https://github.com/advisories/GHSA-8qq5-rm4j-mr97
Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction - https://github.com/advisories/GHSA-83g3-92jg-28cx
tar has Hardlink Path Traversal via Drive-Relative Linkpath - https://github.com/advisories/GHSA-qffp-2rhf-9h96
node-tar Symlink Path Traversal via Drive-Relative Linkpath - https://github.com/advisories/GHSA-9ppj-qmqm-q256
Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS - https://github.com/advisories/GHSA-r6q2-hw4h-h46w
fix available via `npm audit fix --force`
Will install @storybook/addon-essentials@8.6.14, which is a breaking change
node_modules/tar
cacache 14.0.0 - 18.0.4
Depends on vulnerable versions of tar
node_modules/cacache
trim <0.0.3
Severity: high
Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
fix available via `npm audit fix`
node_modules/trim
remark-parse <=8.0.3
Depends on vulnerable versions of trim
node_modules/remark-parse
@mdx-js/mdx <=1.6.22
Depends on vulnerable versions of remark-mdx
Depends on vulnerable versions of remark-parse
node_modules/@mdx-js/mdx
@storybook/mdx1-csf *
Depends on vulnerable versions of @mdx-js/mdx
node_modules/@storybook/mdx1-csf
@storybook/csf-tools 6.5.0-alpha.1 - 6.5.17-alpha.0
Depends on vulnerable versions of @storybook/mdx1-csf
node_modules/@storybook/csf-tools
remark-mdx <=1.6.22
Depends on vulnerable versions of remark-parse
node_modules/remark-mdx
trim-newlines <3.0.1
Severity: high
Uncontrolled Resource Consumption in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v
fix available via `npm audit fix`
node_modules/trim-newlines
meow 3.4.0 - 5.0.0
Depends on vulnerable versions of trim-newlines
node_modules/default-browser-id/node_modules/meow
uuid <11.1.1
Severity: moderate
uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided - https://github.com/advisories/GHSA-w5hq-g745-h8pq
No fix available
node_modules/uuid
webpack-log 1.1.0 - 2.0.0
Depends on vulnerable versions of uuid
node_modules/webpack-log
webpack-dev-middleware <=5.3.3
Depends on vulnerable versions of webpack-log
node_modules/webpack-dev-middleware
@storybook/manager-webpack4 *
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of css-loader
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-middleware
node_modules/@storybook/manager-webpack4
63 vulnerabilities (5 low, 32 moderate, 26 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated trim@0.0.1: Use String.prototype.trim() instead
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated uuid-browser@3.1.0: Package no longer supported and required. Use the uuid package or crypto.randomUUID instead
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated querystring@0.2.1: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
--- stdout ---
added 2423 packages, and audited 2424 packages in 52s
339 packages are looking for funding
run `npm fund` for details
63 vulnerabilities (5 low, 32 moderate, 26 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
PASS tests/jest/discover/util/convertUrlToThumbnail.test.js
PASS tests/jest/builder/util/safeAssignString.test.js
PASS tests/jest/builder/util/splitSentences.test.js
PASS tests/jest/builder/util/convertUrlToMobile.test.js
PASS tests/jest/builder/store/story.test.js
Test Suites: 5 passed, 5 total
Tests: 19 passed, 19 total
Snapshots: 0 total
Time: 6.71 s
Ran all test suites.
--- stdout ---
> test
> npm run lint:js && npm run lint:css && jest
> lint:js
> eslint --cache .
> lint:css
> stylelint --cache **/*.{vue,less}
------------------------------------|---------|----------|---------|---------|------------------------------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
------------------------------------|---------|----------|---------|---------|------------------------------------------
All files | 7.88 | 6.76 | 1.98 | 7.9 |
components | 0 | 0 | 0 | 0 |
ConfirmDialog.vue | 0 | 0 | 0 | 0 | 33-44
DotsMenu.vue | 0 | 100 | 0 | 0 | 17-29
DotsMenuItem.vue | 0 | 100 | 0 | 0 | 16-32
StoryImage.vue | 0 | 0 | 0 | 0 | 25-260
ext.wikistories.builder | 0 | 0 | 0 | 0 |
App.vue | 0 | 0 | 0 | 0 | 8-37
index.js | 0 | 0 | 100 | 0 | 1-19
ext.wikistories.builder/api | 12.5 | 0 | 0 | 12.74 |
getPageInfo.js | 0 | 0 | 0 | 0 | 6-19
saveStory.js | 0 | 0 | 0 | 0 | 10-38
searchImages.js | 14.94 | 0 | 0 | 15.29 | 17-18,28-54,63-74,78-113,125-176,187-206
ext.wikistories.builder/components | 0 | 0 | 0 | 0 |
Alert.vue | 0 | 100 | 100 | 0 | 24
CurrentFrame.vue | 0 | 0 | 0 | 0 | 21-57
Frames.vue | 0 | 0 | 0 | 0 | 32-80
ImageAttribution.vue | 0 | 0 | 0 | 0 | 27-41
ImageListView.vue | 0 | 0 | 0 | 0 | 27-72
ListImage.vue | 0 | 0 | 0 | 0 | 12-61
Navigator.vue | 0 | 0 | 0 | 0 | 27-38
Notice.vue | 0 | 100 | 100 | 0 | 15
Popup.vue | 0 | 100 | 100 | 0 | 12
PrimaryButton.vue | 0 | 100 | 100 | 0 | 9
RouterView.vue | 0 | 100 | 100 | 0 | 6-9
StoryTextbox.vue | 0 | 0 | 0 | 0 | 37-93
Toast.vue | 0 | 100 | 0 | 0 | 8-33
ext.wikistories.builder/mixins | 0 | 0 | 0 | 0 |
observer.js | 0 | 0 | 0 | 0 | 10-115
ext.wikistories.builder/plugins | 0 | 100 | 0 | 0 |
config.js | 0 | 100 | 0 | 0 | 5-20
ext.wikistories.builder/store | 6.27 | 0 | 0 | 6.34 |
article.js | 0 | 0 | 0 | 0 | 1-106
index.js | 0 | 100 | 100 | 0 | 1-7
router.js | 0 | 0 | 0 | 0 | 1-62
search.js | 0 | 0 | 0 | 0 | 1-72
story.js | 11.11 | 0 | 0 | 11.34 | 40-325
ext.wikistories.builder/util | 33 | 21.48 | 24.13 | 32.68 |
beforeUnloadListener.js | 0 | 100 | 0 | 0 | 4-9
calculateUnmodifiedContent.js | 16.66 | 0 | 0 | 16.66 | 2-12,26-53
convertUrlToMobile.js | 100 | 100 | 100 | 100 |
safeAssignString.js | 93.33 | 87.5 | 100 | 93.33 | 26
sortableFrames.js | 0 | 0 | 0 | 0 | 5-221
splitSentences.js | 91.48 | 80 | 100 | 91.3 | 40,94,101-102
strip.js | 22.22 | 0 | 0 | 22.22 | 6-16
validateTitle.js | 0 | 0 | 0 | 0 | 1-43
ext.wikistories.builder/views | 0 | 0 | 0 | 0 |
Article.vue | 0 | 0 | 0 | 0 | 46-123
PublishForm.vue | 0 | 0 | 0 | 0 | 114-273
Search.vue | 0 | 0 | 0 | 0 | 44-136
Story.vue | 0 | 0 | 0 | 0 | 69-248
ext.wikistories.discover | 0 | 0 | 0 | 0 |
Discover.js | 0 | 0 | 0 | 0 | 1-103
index.js | 0 | 0 | 0 | 0 | 1-44
ext.wikistories.discover/api | 0 | 100 | 0 | 0 |
getStories.js | 0 | 100 | 0 | 0 | 5-13
ext.wikistories.discover/util | 100 | 100 | 100 | 100 |
convertUrlToThumbnail.js | 100 | 100 | 100 | 100 |
ext.wikistories.viewaction | 0 | 100 | 100 | 0 |
index.js | 0 | 100 | 100 | 0 | 1-3
ext.wikistories.viewer | 0 | 0 | 0 | 0 |
StoryViewer.vue | 0 | 0 | 0 | 0 | 187-385
index.js | 0 | 0 | 0 | 0 | 1-38
ext.wikistories.viewer/components | 0 | 0 | 0 | 0 |
ImageAttribution.vue | 0 | 100 | 100 | 0 | 31
Textbox.vue | 0 | 0 | 0 | 0 | 18-100
ext.wikistories.viewer/store | 0 | 0 | 0 | 0 |
index.js | 0 | 100 | 100 | 0 | 1-4
story.js | 0 | 0 | 0 | 0 | 1-207
ext.wikistories.viewer/util | 0 | 0 | 0 | 0 |
isTouchDevice.js | 0 | 0 | 100 | 0 | 1-7
timer.js | 0 | 0 | 0 | 0 | 4-38
instrumentation | 0 | 0 | 0 | 0 |
consumptionEvents.js | 0 | 0 | 0 | 0 | 1-52
contributionEvents.js | 0 | 0 | 0 | 0 | 1-64
------------------------------------|---------|----------|---------|---------|------------------------------------------
--- end ---
{"1117908": {"source": 1117908, "name": "@babel/plugin-transform-modules-systemjs", "dependency": "@babel/plugin-transform-modules-systemjs", "title": "@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input", "url": "https://github.com/advisories/GHSA-fv7c-fp4j-7gwp", "severity": "high", "cwe": ["CWE-94", "CWE-843"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}, "range": ">=7.12.0 <=7.29.3"}}
Upgrading n:@babel/plugin-transform-modules-systemjs from 7.17.8 -> 7.29.4
{}
{}
{}
{}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}, "1101851": {"source": 1101851, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}, "1101851": {"source": 1101851, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{}
{}
{}
{}
{}
{"1117870": {"source": 1117870, "name": "fast-uri", "dependency": "fast-uri", "title": "fast-uri vulnerable to path traversal via percent-encoded dot segments", "url": "https://github.com/advisories/GHSA-q3j6-qgpj-74h6", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": "<=3.1.0"}, "1117884": {"source": 1117884, "name": "fast-uri", "dependency": "fast-uri", "title": "fast-uri vulnerable to host confusion via percent-encoded authority delimiters", "url": "https://github.com/advisories/GHSA-v39h-62p7-jpjc", "severity": "high", "cwe": ["CWE-436"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": "<=3.1.1"}}
Upgrading n:fast-uri from 3.0.5 -> 3.1.2
{}
{}
{}
{"1101851": {"source": 1101851, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}}
{}
{"1119459": {"source": 1119459, "name": "js-cookie", "dependency": "js-cookie", "title": "JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection", "url": "https://github.com/advisories/GHSA-qjx8-664m-686j", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": "<=3.0.5"}}
Upgrading n:js-cookie from 3.0.5 -> 3.0.7
{"1095100": {"source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.1"}}
{}
{}
{}
{}
{}
{"1113161": {"source": 1113161, "name": "qs", "dependency": "qs", "title": "qs's arrayLimit bypass in comma parsing allows denial of service", "url": "https://github.com/advisories/GHSA-w7fw-mjwx-w883", "severity": "low", "cwe": ["CWE-20"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=6.7.0 <=6.14.1"}, "1113719": {"source": 1113719, "name": "qs", "dependency": "qs", "title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion", "url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p", "severity": "moderate", "cwe": ["CWE-20"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<6.14.1"}}
Upgrading n:qs from 6.14.0, 6.15.1 -> 6.14.2, 6.15.1
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{"1095100": {"source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.1"}}
{"1119108": {"source": 1119108, "name": "ws", "dependency": "ws", "title": "ws: Uninitialized memory disclosure", "url": "https://github.com/advisories/GHSA-58qx-3vcg-4xpx", "severity": "moderate", "cwe": ["CWE-908"], "cvss": {"score": 4.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"}, "range": ">=8.0.0 <8.20.1"}}
Upgrading n:ws from 8.18.0 -> 8.20.1
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
build: Updating npm dependencies
* @babel/plugin-transform-modules-systemjs: 7.17.8 → 7.29.4
* https://github.com/advisories/GHSA-fv7c-fp4j-7gwp
* fast-uri: 3.0.5 → 3.1.2
* https://github.com/advisories/GHSA-q3j6-qgpj-74h6
* https://github.com/advisories/GHSA-v39h-62p7-jpjc
* js-cookie: 3.0.5 → 3.0.7
* https://github.com/advisories/GHSA-qjx8-664m-686j
* qs: 6.14.0, 6.15.1 → 6.14.2, 6.15.1
* https://github.com/advisories/GHSA-6rw7-vpxm-498p
* https://github.com/advisories/GHSA-w7fw-mjwx-w883
* ws: 8.18.0 → 8.20.1
* https://github.com/advisories/GHSA-58qx-3vcg-4xpx
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpo3vl31ei
--- stdout ---
[REL1_46 bfff96a] build: Updating npm dependencies
1 file changed, 176 insertions(+), 189 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From bfff96afbd6d9217657f578b10ae1e9dbb865da0 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 22 May 2026 06:52:37 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* @babel/plugin-transform-modules-systemjs: 7.17.8 → 7.29.4
* https://github.com/advisories/GHSA-fv7c-fp4j-7gwp
* fast-uri: 3.0.5 → 3.1.2
* https://github.com/advisories/GHSA-q3j6-qgpj-74h6
* https://github.com/advisories/GHSA-v39h-62p7-jpjc
* js-cookie: 3.0.5 → 3.0.7
* https://github.com/advisories/GHSA-qjx8-664m-686j
* qs: 6.14.0, 6.15.1 → 6.14.2, 6.15.1
* https://github.com/advisories/GHSA-6rw7-vpxm-498p
* https://github.com/advisories/GHSA-w7fw-mjwx-w883
* ws: 8.18.0 → 8.20.1
* https://github.com/advisories/GHSA-58qx-3vcg-4xpx
Change-Id: I5982c1d67c2bf41488321f45c73e6458eae203db
---
package-lock.json | 365 ++++++++++++++++++++++------------------------
1 file changed, 176 insertions(+), 189 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 8f3089a..1f02109 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -56,14 +56,14 @@
}
},
"node_modules/@babel/code-frame": {
- "version": "7.26.2",
- "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.26.2.tgz",
- "integrity": "sha512-RJlIHRueQgwWitWgF8OdFYGZX328Ax5BCemNGlqHfplnRT9ESi8JkFlvaVYbS+UubVY6dpv87Fs2u5M29iNFVQ==",
+ "version": "7.29.0",
+ "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz",
+ "integrity": "sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw==",
"dev": true,
"dependencies": {
- "@babel/helper-validator-identifier": "^7.25.9",
+ "@babel/helper-validator-identifier": "^7.28.5",
"js-tokens": "^4.0.0",
- "picocolors": "^1.0.0"
+ "picocolors": "^1.1.1"
},
"engines": {
"node": ">=6.9.0"
@@ -115,15 +115,15 @@
"dev": true
},
"node_modules/@babel/generator": {
- "version": "7.26.5",
- "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.26.5.tgz",
- "integrity": "sha512-2caSP6fN9I7HOe6nqhtft7V4g7/V/gfDsC3Ag4W7kEzzvRGKqiv0pu0HogPiZ3KaVSoNDhUws6IJjDjpfmYIXw==",
+ "version": "7.29.1",
+ "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.29.1.tgz",
+ "integrity": "sha512-qsaF+9Qcm2Qv8SRIMMscAvG4O3lJ0F1GuMo5HR/Bp02LopNgnZBC/EkbevHFeGs4ls/oPz9v+Bsmzbkbe+0dUw==",
"dev": true,
"dependencies": {
- "@babel/parser": "^7.26.5",
- "@babel/types": "^7.26.5",
- "@jridgewell/gen-mapping": "^0.3.5",
- "@jridgewell/trace-mapping": "^0.3.25",
+ "@babel/parser": "^7.29.0",
+ "@babel/types": "^7.29.0",
+ "@jridgewell/gen-mapping": "^0.3.12",
+ "@jridgewell/trace-mapping": "^0.3.28",
"jsesc": "^3.0.2"
},
"engines": {
@@ -131,17 +131,13 @@
}
},
"node_modules/@babel/generator/node_modules/@jridgewell/gen-mapping": {
- "version": "0.3.8",
- "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.8.tgz",
- "integrity": "sha512-imAbBGkb+ebQyxKgzv5Hu2nmROxoDOXHh80evxdoXNOrvAnVx7zimzc1Oo5h9RlfV4vPXaE2iM5pOFbvOCClWA==",
+ "version": "0.3.13",
+ "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz",
+ "integrity": "sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==",
"dev": true,
"dependencies": {
- "@jridgewell/set-array": "^1.2.1",
- "@jridgewell/sourcemap-codec": "^1.4.10",
+ "@jridgewell/sourcemap-codec": "^1.5.0",
"@jridgewell/trace-mapping": "^0.3.24"
- },
- "engines": {
- "node": ">=6.0.0"
}
},
"node_modules/@babel/helper-annotate-as-pure": {
@@ -292,14 +288,11 @@
"node": ">=6.9.0"
}
},
- "node_modules/@babel/helper-hoist-variables": {
- "version": "7.22.5",
- "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz",
- "integrity": "sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw==",
+ "node_modules/@babel/helper-globals": {
+ "version": "7.28.0",
+ "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.28.0.tgz",
+ "integrity": "sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw==",
"dev": true,
- "dependencies": {
- "@babel/types": "^7.22.5"
- },
"engines": {
"node": ">=6.9.0"
}
@@ -317,27 +310,27 @@
}
},
"node_modules/@babel/helper-module-imports": {
- "version": "7.25.9",
- "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.25.9.tgz",
- "integrity": "sha512-tnUA4RsrmflIM6W6RFTLFSXITtl0wKjgpnLgXyowocVPrbYrLUXSBXDgTs8BlbmIzIdlBySRQjINYs2BAkiLtw==",
+ "version": "7.28.6",
+ "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.28.6.tgz",
+ "integrity": "sha512-l5XkZK7r7wa9LucGw9LwZyyCUscb4x37JWTPz7swwFE/0FMQAGpiWUZn8u9DzkSBWEcK25jmvubfpw2dnAMdbw==",
"dev": true,
"dependencies": {
- "@babel/traverse": "^7.25.9",
- "@babel/types": "^7.25.9"
+ "@babel/traverse": "^7.28.6",
+ "@babel/types": "^7.28.6"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-module-transforms": {
- "version": "7.26.0",
- "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.26.0.tgz",
- "integrity": "sha512-xO+xu6B5K2czEnQye6BHA7DolFFmS3LB7stHZFaOLb1pAwO1HWLS8fXA+eh0A2yIvltPVmx3eNNDBJA2SLHXFw==",
+ "version": "7.28.6",
+ "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.28.6.tgz",
+ "integrity": "sha512-67oXFAYr2cDLDVGLXTEABjdBJZ6drElUSI7WKp70NrpyISso3plG9SAGEF6y7zbha/wOzUByWWTJvEDVNIUGcA==",
"dev": true,
"dependencies": {
- "@babel/helper-module-imports": "^7.25.9",
- "@babel/helper-validator-identifier": "^7.25.9",
- "@babel/traverse": "^7.25.9"
+ "@babel/helper-module-imports": "^7.28.6",
+ "@babel/helper-validator-identifier": "^7.28.5",
+ "@babel/traverse": "^7.28.6"
},
"engines": {
"node": ">=6.9.0"
@@ -359,9 +352,9 @@
}
},
"node_modules/@babel/helper-plugin-utils": {
- "version": "7.26.5",
- "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.26.5.tgz",
- "integrity": "sha512-RS+jZcRdZdRFzMyr+wcsaqOmld1/EqTghfaBGQQd/WnRdzdlvSZ//kF7U8VQTxf1ynZ4cjUcYgjVGx13ewNPMg==",
+ "version": "7.28.6",
+ "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.28.6.tgz",
+ "integrity": "sha512-S9gzZ/bz83GRysI7gAD4wPT/AI3uCnY+9xn+Mx/KPs2JwHJIz1W8PZkg2cqyt3RNOBM8ejcXhV6y8Og7ly/Dug==",
"dev": true,
"engines": {
"node": ">=6.9.0"
@@ -435,18 +428,18 @@
}
},
"node_modules/@babel/helper-string-parser": {
- "version": "7.25.9",
- "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.25.9.tgz",
- "integrity": "sha512-4A/SCr/2KLd5jrtOMFzaKjVtAei3+2r/NChoBNoZ3EyP/+GlhoaEGoWOZUmFmoITP7zOJyHIMm+DYRd8o3PvHA==",
+ "version": "7.27.1",
+ "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz",
+ "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==",
"dev": true,
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-validator-identifier": {
- "version": "7.25.9",
- "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.25.9.tgz",
- "integrity": "sha512-Ed61U6XJc3CVRfkERJWDz4dJwKe7iLmmJsbOGu9wSloNSFttHV0I8g6UAgb7qnK5ly5bGLPd4oXZlxCdANBOWQ==",
+ "version": "7.28.5",
+ "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz",
+ "integrity": "sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==",
"dev": true,
"engines": {
"node": ">=6.9.0"
@@ -490,12 +483,12 @@
}
},
"node_modules/@babel/parser": {
- "version": "7.26.10",
- "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.26.10.tgz",
- "integrity": "sha512-6aQR2zGE/QFi8JpDLjUZEPYOs7+mhKXm86VaKFiLP35JQwQb6bwUE+XbvkH0EptsYhbNBSUGaUBLKqxH1xSgsA==",
+ "version": "7.29.3",
+ "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.3.tgz",
+ "integrity": "sha512-b3ctpQwp+PROvU/cttc4OYl4MzfJUWy6FZg+PMXfzmt/+39iHVF0sDfqay8TQM3JA2EUOyKcFZt75jWriQijsA==",
"dev": true,
"dependencies": {
- "@babel/types": "^7.26.10"
+ "@babel/types": "^7.29.0"
},
"bin": {
"parser": "bin/babel-parser.js"
@@ -1384,16 +1377,15 @@
}
},
"node_modules/@babel/plugin-transform-modules-systemjs": {
- "version": "7.17.8",
- "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.17.8.tgz",
- "integrity": "sha512-39reIkMTUVagzgA5x88zDYXPCMT6lcaRKs1+S9K6NKBPErbgO/w/kP8GlNQTC87b412ZTlmNgr3k2JrWgHH+Bw==",
+ "version": "7.29.4",
+ "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.29.4.tgz",
+ "integrity": "sha512-N7QmZ0xRZfjHOfZeQLJjwgX2zS9pdGHSVl/cjSGlo4dXMqvurfxXDMKY4RqEKzPozV78VMcd0lxyG13mlbKc4w==",
"dev": true,
"dependencies": {
- "@babel/helper-hoist-variables": "^7.16.7",
- "@babel/helper-module-transforms": "^7.17.7",
- "@babel/helper-plugin-utils": "^7.16.7",
- "@babel/helper-validator-identifier": "^7.16.7",
- "babel-plugin-dynamic-import-node": "^2.3.3"
+ "@babel/helper-module-transforms": "^7.28.6",
+ "@babel/helper-plugin-utils": "^7.28.6",
+ "@babel/helper-validator-identifier": "^7.28.5",
+ "@babel/traverse": "^7.29.0"
},
"engines": {
"node": ">=6.9.0"
@@ -1943,45 +1935,45 @@
"dev": true
},
"node_modules/@babel/template": {
- "version": "7.26.9",
- "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.26.9.tgz",
- "integrity": "sha512-qyRplbeIpNZhmzOysF/wFMuP9sctmh2cFzRAZOn1YapxBsE1i9bJIY586R/WBLfLcmcBlM8ROBiQURnnNy+zfA==",
+ "version": "7.28.6",
+ "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.28.6.tgz",
+ "integrity": "sha512-YA6Ma2KsCdGb+WC6UpBVFJGXL58MDA6oyONbjyF/+5sBgxY/dwkhLogbMT2GXXyU84/IhRw/2D1Os1B/giz+BQ==",
"dev": true,
"dependencies": {
- "@babel/code-frame": "^7.26.2",
- "@babel/parser": "^7.26.9",
- "@babel/types": "^7.26.9"
+ "@babel/code-frame": "^7.28.6",
+ "@babel/parser": "^7.28.6",
+ "@babel/types": "^7.28.6"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/traverse": {
- "version": "7.26.5",
- "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.26.5.tgz",
- "integrity": "sha512-rkOSPOw+AXbgtwUga3U4u8RpoK9FEFWBNAlTpcnkLFjL5CT+oyHNuUUC/xx6XefEJ16r38r8Bc/lfp6rYuHeJQ==",
+ "version": "7.29.0",
+ "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.29.0.tgz",
+ "integrity": "sha512-4HPiQr0X7+waHfyXPZpWPfWL/J7dcN1mx9gL6WdQVMbPnF3+ZhSMs8tCxN7oHddJE9fhNE7+lxdnlyemKfJRuA==",
"dev": true,
"dependencies": {
- "@babel/code-frame": "^7.26.2",
- "@babel/generator": "^7.26.5",
- "@babel/parser": "^7.26.5",
- "@babel/template": "^7.25.9",
- "@babel/types": "^7.26.5",
- "debug": "^4.3.1",
- "globals": "^11.1.0"
+ "@babel/code-frame": "^7.29.0",
+ "@babel/generator": "^7.29.0",
+ "@babel/helper-globals": "^7.28.0",
+ "@babel/parser": "^7.29.0",
+ "@babel/template": "^7.28.6",
+ "@babel/types": "^7.29.0",
+ "debug": "^4.3.1"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/types": {
- "version": "7.26.10",
- "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.26.10.tgz",
- "integrity": "sha512-emqcG3vHrpxUKTrxcblR36dcrcoRDvKmnL/dCL6ZsHaShW80qxCAcNhzQZrpeM765VzEos+xOi4s+r4IXzTwdQ==",
+ "version": "7.29.0",
+ "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.0.tgz",
+ "integrity": "sha512-LwdZHpScM4Qz8Xw2iKSzS+cfglZzJGvofQICy7W7v4caru4EaAmyUuO6BGrbyQ2mYV11W0U8j5mBhd14dd3B0A==",
"dev": true,
"dependencies": {
- "@babel/helper-string-parser": "^7.25.9",
- "@babel/helper-validator-identifier": "^7.25.9"
+ "@babel/helper-string-parser": "^7.27.1",
+ "@babel/helper-validator-identifier": "^7.28.5"
},
"engines": {
"node": ">=6.9.0"
@@ -3951,9 +3943,9 @@
"dev": true
},
"node_modules/@jridgewell/trace-mapping": {
- "version": "0.3.25",
- "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz",
- "integrity": "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==",
+ "version": "0.3.31",
+ "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz",
+ "integrity": "sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==",
"dev": true,
"dependencies": {
"@jridgewell/resolve-uri": "^3.1.0",
@@ -14293,9 +14285,9 @@
"dev": true
},
"node_modules/fast-uri": {
- "version": "3.0.5",
- "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.0.5.tgz",
- "integrity": "sha512-5JnBCWpFlMo0a3ciDy/JckMzzv1U9coZrIhedq+HXxxUfDTAiS0LA8OKVao4G9BxmCVck/jtA5r3KAtRWEyD8Q==",
+ "version": "3.1.2",
+ "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.2.tgz",
+ "integrity": "sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==",
"dev": true,
"funding": [
{
@@ -20262,12 +20254,12 @@
}
},
"node_modules/js-cookie": {
- "version": "3.0.5",
- "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz",
- "integrity": "sha512-cEiJEAEoIbWfCZYKWhVwFuvPX1gETRYPw6LlaTKoxD3s2AkXzkCjnp6h0V77ozyqj0jakteJ4YqDJT830+lVGw==",
+ "version": "3.0.7",
+ "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.7.tgz",
+ "integrity": "sha512-z/wZZgDrkNV1eA0ULjM/F9/50Ya8fbzgKneSpoPsXSGd0KnpdtHfOZWK+GcwLk+EZbS4F9RBhU+K2RgzuDaItw==",
"dev": true,
"engines": {
- "node": ">=14"
+ "node": ">=20"
}
},
"node_modules/js-string-escape": {
@@ -23813,9 +23805,9 @@
]
},
"node_modules/qs": {
- "version": "6.14.0",
- "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz",
- "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==",
+ "version": "6.14.2",
+ "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
+ "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
"dev": true,
"dependencies": {
"side-channel": "^1.1.0"
@@ -30024,9 +30016,9 @@
}
},
"node_modules/ws": {
- "version": "8.18.0",
- "resolved": "https://registry.npmjs.org/ws/-/ws-8.18.0.tgz",
- "integrity": "sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw==",
+ "version": "8.20.1",
+ "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz",
+ "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==",
"dev": true,
"engines": {
"node": ">=10.0.0"
@@ -30189,14 +30181,14 @@
}
},
"@babel/code-frame": {
- "version": "7.26.2",
- "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.26.2.tgz",
- "integrity": "sha512-RJlIHRueQgwWitWgF8OdFYGZX328Ax5BCemNGlqHfplnRT9ESi8JkFlvaVYbS+UubVY6dpv87Fs2u5M29iNFVQ==",
+ "version": "7.29.0",
+ "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz",
+ "integrity": "sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw==",
"dev": true,
"requires": {
- "@babel/helper-validator-identifier": "^7.25.9",
+ "@babel/helper-validator-identifier": "^7.28.5",
"js-tokens": "^4.0.0",
- "picocolors": "^1.0.0"
+ "picocolors": "^1.1.1"
}
},
"@babel/compat-data": {
@@ -30237,26 +30229,25 @@
}
},
"@babel/generator": {
- "version": "7.26.5",
- "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.26.5.tgz",
- "integrity": "sha512-2caSP6fN9I7HOe6nqhtft7V4g7/V/gfDsC3Ag4W7kEzzvRGKqiv0pu0HogPiZ3KaVSoNDhUws6IJjDjpfmYIXw==",
+ "version": "7.29.1",
+ "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.29.1.tgz",
+ "integrity": "sha512-qsaF+9Qcm2Qv8SRIMMscAvG4O3lJ0F1GuMo5HR/Bp02LopNgnZBC/EkbevHFeGs4ls/oPz9v+Bsmzbkbe+0dUw==",
"dev": true,
"requires": {
- "@babel/parser": "^7.26.5",
- "@babel/types": "^7.26.5",
- "@jridgewell/gen-mapping": "^0.3.5",
- "@jridgewell/trace-mapping": "^0.3.25",
+ "@babel/parser": "^7.29.0",
+ "@babel/types": "^7.29.0",
+ "@jridgewell/gen-mapping": "^0.3.12",
+ "@jridgewell/trace-mapping": "^0.3.28",
"jsesc": "^3.0.2"
},
"dependencies": {
"@jridgewell/gen-mapping": {
- "version": "0.3.8",
- "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.8.tgz",
- "integrity": "sha512-imAbBGkb+ebQyxKgzv5Hu2nmROxoDOXHh80evxdoXNOrvAnVx7zimzc1Oo5h9RlfV4vPXaE2iM5pOFbvOCClWA==",
+ "version": "0.3.13",
+ "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz",
+ "integrity": "sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==",
"dev": true,
"requires": {
- "@jridgewell/set-array": "^1.2.1",
- "@jridgewell/sourcemap-codec": "^1.4.10",
+ "@jridgewell/sourcemap-codec": "^1.5.0",
"@jridgewell/trace-mapping": "^0.3.24"
}
}
@@ -30379,14 +30370,11 @@
"@babel/types": "^7.23.0"
}
},
- "@babel/helper-hoist-variables": {
- "version": "7.22.5",
- "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz",
- "integrity": "sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw==",
- "dev": true,
- "requires": {
- "@babel/types": "^7.22.5"
- }
+ "@babel/helper-globals": {
+ "version": "7.28.0",
+ "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.28.0.tgz",
+ "integrity": "sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw==",
+ "dev": true
},
"@babel/helper-member-expression-to-functions": {
"version": "7.21.5",
@@ -30398,24 +30386,24 @@
}
},
"@babel/helper-module-imports": {
- "version": "7.25.9",
- "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.25.9.tgz",
- "integrity": "sha512-tnUA4RsrmflIM6W6RFTLFSXITtl0wKjgpnLgXyowocVPrbYrLUXSBXDgTs8BlbmIzIdlBySRQjINYs2BAkiLtw==",
+ "version": "7.28.6",
+ "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.28.6.tgz",
+ "integrity": "sha512-l5XkZK7r7wa9LucGw9LwZyyCUscb4x37JWTPz7swwFE/0FMQAGpiWUZn8u9DzkSBWEcK25jmvubfpw2dnAMdbw==",
"dev": true,
"requires": {
- "@babel/traverse": "^7.25.9",
- "@babel/types": "^7.25.9"
+ "@babel/traverse": "^7.28.6",
+ "@babel/types": "^7.28.6"
}
},
"@babel/helper-module-transforms": {
- "version": "7.26.0",
- "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.26.0.tgz",
- "integrity": "sha512-xO+xu6B5K2czEnQye6BHA7DolFFmS3LB7stHZFaOLb1pAwO1HWLS8fXA+eh0A2yIvltPVmx3eNNDBJA2SLHXFw==",
+ "version": "7.28.6",
+ "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.28.6.tgz",
+ "integrity": "sha512-67oXFAYr2cDLDVGLXTEABjdBJZ6drElUSI7WKp70NrpyISso3plG9SAGEF6y7zbha/wOzUByWWTJvEDVNIUGcA==",
"dev": true,
"requires": {
- "@babel/helper-module-imports": "^7.25.9",
- "@babel/helper-validator-identifier": "^7.25.9",
- "@babel/traverse": "^7.25.9"
+ "@babel/helper-module-imports": "^7.28.6",
+ "@babel/helper-validator-identifier": "^7.28.5",
+ "@babel/traverse": "^7.28.6"
}
},
"@babel/helper-optimise-call-expression": {
@@ -30428,9 +30416,9 @@
}
},
"@babel/helper-plugin-utils": {
- "version": "7.26.5",
- "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.26.5.tgz",
- "integrity": "sha512-RS+jZcRdZdRFzMyr+wcsaqOmld1/EqTghfaBGQQd/WnRdzdlvSZ//kF7U8VQTxf1ynZ4cjUcYgjVGx13ewNPMg==",
+ "version": "7.28.6",
+ "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.28.6.tgz",
+ "integrity": "sha512-S9gzZ/bz83GRysI7gAD4wPT/AI3uCnY+9xn+Mx/KPs2JwHJIz1W8PZkg2cqyt3RNOBM8ejcXhV6y8Og7ly/Dug==",
"dev": true
},
"@babel/helper-remap-async-to-generator": {
@@ -30486,15 +30474,15 @@
}
},
"@babel/helper-string-parser": {
- "version": "7.25.9",
- "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.25.9.tgz",
- "integrity": "sha512-4A/SCr/2KLd5jrtOMFzaKjVtAei3+2r/NChoBNoZ3EyP/+GlhoaEGoWOZUmFmoITP7zOJyHIMm+DYRd8o3PvHA==",
+ "version": "7.27.1",
+ "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz",
+ "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==",
"dev": true
},
"@babel/helper-validator-identifier": {
- "version": "7.25.9",
- "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.25.9.tgz",
- "integrity": "sha512-Ed61U6XJc3CVRfkERJWDz4dJwKe7iLmmJsbOGu9wSloNSFttHV0I8g6UAgb7qnK5ly5bGLPd4oXZlxCdANBOWQ==",
+ "version": "7.28.5",
+ "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz",
+ "integrity": "sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==",
"dev": true
},
"@babel/helper-validator-option": {
@@ -30526,12 +30514,12 @@
}
},
"@babel/parser": {
- "version": "7.26.10",
- "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.26.10.tgz",
- "integrity": "sha512-6aQR2zGE/QFi8JpDLjUZEPYOs7+mhKXm86VaKFiLP35JQwQb6bwUE+XbvkH0EptsYhbNBSUGaUBLKqxH1xSgsA==",
+ "version": "7.29.3",
+ "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.3.tgz",
+ "integrity": "sha512-b3ctpQwp+PROvU/cttc4OYl4MzfJUWy6FZg+PMXfzmt/+39iHVF0sDfqay8TQM3JA2EUOyKcFZt75jWriQijsA==",
"dev": true,
"requires": {
- "@babel/types": "^7.26.10"
+ "@babel/types": "^7.29.0"
}
},
"@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": {
@@ -31105,16 +31093,15 @@
}
},
"@babel/plugin-transform-modules-systemjs": {
- "version": "7.17.8",
- "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.17.8.tgz",
- "integrity": "sha512-39reIkMTUVagzgA5x88zDYXPCMT6lcaRKs1+S9K6NKBPErbgO/w/kP8GlNQTC87b412ZTlmNgr3k2JrWgHH+Bw==",
+ "version": "7.29.4",
+ "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.29.4.tgz",
+ "integrity": "sha512-N7QmZ0xRZfjHOfZeQLJjwgX2zS9pdGHSVl/cjSGlo4dXMqvurfxXDMKY4RqEKzPozV78VMcd0lxyG13mlbKc4w==",
"dev": true,
"requires": {
- "@babel/helper-hoist-variables": "^7.16.7",
- "@babel/helper-module-transforms": "^7.17.7",
- "@babel/helper-plugin-utils": "^7.16.7",
- "@babel/helper-validator-identifier": "^7.16.7",
- "babel-plugin-dynamic-import-node": "^2.3.3"
+ "@babel/helper-module-transforms": "^7.28.6",
+ "@babel/helper-plugin-utils": "^7.28.6",
+ "@babel/helper-validator-identifier": "^7.28.5",
+ "@babel/traverse": "^7.29.0"
}
},
"@babel/plugin-transform-modules-umd": {
@@ -31497,39 +31484,39 @@
}
},
"@babel/template": {
- "version": "7.26.9",
- "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.26.9.tgz",
- "integrity": "sha512-qyRplbeIpNZhmzOysF/wFMuP9sctmh2cFzRAZOn1YapxBsE1i9bJIY586R/WBLfLcmcBlM8ROBiQURnnNy+zfA==",
+ "version": "7.28.6",
+ "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.28.6.tgz",
+ "integrity": "sha512-YA6Ma2KsCdGb+WC6UpBVFJGXL58MDA6oyONbjyF/+5sBgxY/dwkhLogbMT2GXXyU84/IhRw/2D1Os1B/giz+BQ==",
"dev": true,
"requires": {
- "@babel/code-frame": "^7.26.2",
- "@babel/parser": "^7.26.9",
- "@babel/types": "^7.26.9"
+ "@babel/code-frame": "^7.28.6",
+ "@babel/parser": "^7.28.6",
+ "@babel/types": "^7.28.6"
}
},
"@babel/traverse": {
- "version": "7.26.5",
- "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.26.5.tgz",
- "integrity": "sha512-rkOSPOw+AXbgtwUga3U4u8RpoK9FEFWBNAlTpcnkLFjL5CT+oyHNuUUC/xx6XefEJ16r38r8Bc/lfp6rYuHeJQ==",
+ "version": "7.29.0",
+ "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.29.0.tgz",
+ "integrity": "sha512-4HPiQr0X7+waHfyXPZpWPfWL/J7dcN1mx9gL6WdQVMbPnF3+ZhSMs8tCxN7oHddJE9fhNE7+lxdnlyemKfJRuA==",
"dev": true,
"requires": {
- "@babel/code-frame": "^7.26.2",
- "@babel/generator": "^7.26.5",
- "@babel/parser": "^7.26.5",
- "@babel/template": "^7.25.9",
- "@babel/types": "^7.26.5",
- "debug": "^4.3.1",
- "globals": "^11.1.0"
+ "@babel/code-frame": "^7.29.0",
+ "@babel/generator": "^7.29.0",
+ "@babel/helper-globals": "^7.28.0",
+ "@babel/parser": "^7.29.0",
+ "@babel/template": "^7.28.6",
+ "@babel/types": "^7.29.0",
+ "debug": "^4.3.1"
}
},
"@babel/types": {
- "version": "7.26.10",
- "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.26.10.tgz",
- "integrity": "sha512-emqcG3vHrpxUKTrxcblR36dcrcoRDvKmnL/dCL6ZsHaShW80qxCAcNhzQZrpeM765VzEos+xOi4s+r4IXzTwdQ==",
+ "version": "7.29.0",
+ "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.0.tgz",
+ "integrity": "sha512-LwdZHpScM4Qz8Xw2iKSzS+cfglZzJGvofQICy7W7v4caru4EaAmyUuO6BGrbyQ2mYV11W0U8j5mBhd14dd3B0A==",
"dev": true,
"requires": {
- "@babel/helper-string-parser": "^7.25.9",
- "@babel/helper-validator-identifier": "^7.25.9"
+ "@babel/helper-string-parser": "^7.27.1",
+ "@babel/helper-validator-identifier": "^7.28.5"
}
},
"@bcoe/v8-coverage": {
@@ -33013,9 +33000,9 @@
"dev": true
},
"@jridgewell/trace-mapping": {
- "version": "0.3.25",
- "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz",
- "integrity": "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==",
+ "version": "0.3.31",
+ "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz",
+ "integrity": "sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==",
"dev": true,
"requires": {
"@jridgewell/resolve-uri": "^3.1.0",
@@ -40766,9 +40753,9 @@
"dev": true
},
"fast-uri": {
- "version": "3.0.5",
- "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.0.5.tgz",
- "integrity": "sha512-5JnBCWpFlMo0a3ciDy/JckMzzv1U9coZrIhedq+HXxxUfDTAiS0LA8OKVao4G9BxmCVck/jtA5r3KAtRWEyD8Q==",
+ "version": "3.1.2",
+ "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.2.tgz",
+ "integrity": "sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==",
"dev": true
},
"fastest-levenshtein": {
@@ -45307,9 +45294,9 @@
}
},
"js-cookie": {
- "version": "3.0.5",
- "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz",
- "integrity": "sha512-cEiJEAEoIbWfCZYKWhVwFuvPX1gETRYPw6LlaTKoxD3s2AkXzkCjnp6h0V77ozyqj0jakteJ4YqDJT830+lVGw==",
+ "version": "3.0.7",
+ "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.7.tgz",
+ "integrity": "sha512-z/wZZgDrkNV1eA0ULjM/F9/50Ya8fbzgKneSpoPsXSGd0KnpdtHfOZWK+GcwLk+EZbS4F9RBhU+K2RgzuDaItw==",
"dev": true
},
"js-string-escape": {
@@ -48143,9 +48130,9 @@
"dev": true
},
"qs": {
- "version": "6.14.0",
- "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz",
- "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==",
+ "version": "6.14.2",
+ "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
+ "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
"dev": true,
"requires": {
"side-channel": "^1.1.0"
@@ -52941,9 +52928,9 @@
}
},
"ws": {
- "version": "8.18.0",
- "resolved": "https://registry.npmjs.org/ws/-/ws-8.18.0.tgz",
- "integrity": "sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw==",
+ "version": "8.20.1",
+ "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz",
+ "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==",
"dev": true
},
"x-default-browser": {
--
2.47.3
--- end ---